import OpenSSL 1.0.0e

81 files changed, 1444 insertions, 641 deletions

diff --git a/src/lib/libcrypto/LPdir_vms.c b/src/lib/libcrypto/LPdir_vms.c
index 85b427a623..7613bd254e 100644
--- a/src/lib/libcrypto/LPdir_vms.c
+++ b/src/lib/libcrypto/LPdir_vms.c
@@ -40,22 +40,18 @@
 #ifndef LPDIR_H
 #include "LPdir.h"
 #endif
+#include "vms_rms.h"
 
-/* Because some compiler options hide this macor */
+/* Some compiler options hide EVMSERR. */
 #ifndef EVMSERR
-#define EVMSERR         65535  /* error for non-translatable VMS errors */
+# define EVMSERR        65535  /* error for non-translatable VMS errors */
 #endif
 
 struct LP_dir_context_st
 {
   unsigned long VMS_context;
-#ifdef NAML$C_MAXRSS
-  char filespec[NAML$C_MAXRSS+1];
-  char result[NAML$C_MAXRSS+1];
-#else
-  char filespec[256];
-  char result[256];
-#endif
+  char filespec[ NAMX_MAXRSS+ 1];
+  char result[ NAMX_MAXRSS+ 1];
   struct dsc$descriptor_d filespec_dsc;
   struct dsc$descriptor_d result_dsc;
 };
@@ -66,6 +62,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
   char *p, *r;
   size_t l;
   unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *ctx_filespec_32p;
+# pragma pointer_size restore
+        char ctx_filespec_32[ NAMX_MAXRSS+ 1];
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 #ifdef NAML$C_MAXRSS
   flags |= LIB$M_FIL_LONG_NAMES;
 #endif
@@ -93,13 +99,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       filespeclen += 4;         /* "*.*;" */
 
-      if (filespeclen >
-#ifdef NAML$C_MAXRSS
-          NAML$C_MAXRSS
-#else
-          255
-#endif
-          )
+      if (filespeclen > NAMX_MAXRSS)
         {
           errno = ENAMETOOLONG;
           return 0;
@@ -115,14 +115,21 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       strcpy((*ctx)->filespec,directory);
       strcat((*ctx)->filespec,"*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy( ctx_filespec_32p, (*ctx)->filespec);
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
       (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
       (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
       (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
-      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
-      (*ctx)->result_dsc.dsc$w_length = 0;
-      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
-      (*ctx)->result_dsc.dsc$a_pointer = 0;
+      (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
     }
 
   (*ctx)->result_dsc.dsc$w_length = 0;
diff --git a/src/lib/libcrypto/ecdsa/ecdsatest.c b/src/lib/libcrypto/ecdsa/ecdsatest.c
index aa4e1481a8..26a4a9ee7c 100644
--- a/src/lib/libcrypto/ecdsa/ecdsatest.c
+++ b/src/lib/libcrypto/ecdsa/ecdsatest.c
@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
                 return 0;
                 }
         fbytes_counter ++;
-        ret = BN_bn2bin(tmp, buf);      
-        if (ret == 0 || ret != num)
+        if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
                 ret = 0;
-        else
+        else 
                 ret = 1;
         if (tmp)
                 BN_free(tmp);
diff --git a/src/lib/libcrypto/jpake/jpake.c b/src/lib/libcrypto/jpake/jpake.c
index 086d9f47e0..8e4b633ccc 100644
--- a/src/lib/libcrypto/jpake/jpake.c
+++ b/src/lib/libcrypto/jpake/jpake.c
@@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
     return 1;
     }
 
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+    {
+    BIGNUM *t;
+    int res;
+    
+    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+        return 0;
+
+    t = BN_new();
+    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+    res = BN_is_one(t);
+    BN_free(t);
+
+    return res;
+    }
+
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
     {
+    if(!is_legal(received->p1.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+        return 0;
+        }
+
+    if(!is_legal(received->p2.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+        return 0;
+        }
+
    /* verify their ZKP(xc) */
     if(!verify_zkp(&received->p1, ctx->p.g, ctx))
         {
diff --git a/src/lib/libcrypto/jpake/jpake.h b/src/lib/libcrypto/jpake/jpake.h
index 693ea188cb..fd143b4d9b 100644
--- a/src/lib/libcrypto/jpake/jpake.h
+++ b/src/lib/libcrypto/jpake/jpake.h
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP                               100
 
 /* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL                 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL                 109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE                       105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH             106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH                     107
diff --git a/src/lib/libcrypto/jpake/jpake_err.c b/src/lib/libcrypto/jpake/jpake_err.c
index 1b95067967..a9a9dee75c 100644
--- a/src/lib/libcrypto/jpake/jpake_err.c
+++ b/src/lib/libcrypto/jpake/jpake_err.c
@@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 
 static ERR_STRING_DATA JPAKE_str_reasons[]=
         {
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
diff --git a/src/lib/libcrypto/pqueue/pqueue.c b/src/lib/libcrypto/pqueue/pqueue.c
index 99a6fb874d..eab13a1250 100644
--- a/src/lib/libcrypto/pqueue/pqueue.c
+++ b/src/lib/libcrypto/pqueue/pqueue.c
@@ -167,14 +167,13 @@ pqueue_pop(pqueue_s *pq)
 pitem *
 pqueue_find(pqueue_s *pq, unsigned char *prio64be)
         {
-        pitem *next, *prev = NULL;
+        pitem *next;
         pitem *found = NULL;
 
         if ( pq->items == NULL)
                 return NULL;
 
-        for ( next = pq->items; next->next != NULL; 
-                  prev = next, next = next->next)
+        for ( next = pq->items; next->next != NULL; next = next->next)
                 {
                 if ( memcmp(next->priority, prio64be,8) == 0)
                         {
diff --git a/src/lib/libcrypto/rand/rand_nw.c b/src/lib/libcrypto/rand/rand_nw.c
index f177ffbe82..8d5b8d2e32 100644
--- a/src/lib/libcrypto/rand/rand_nw.c
+++ b/src/lib/libcrypto/rand/rand_nw.c
@@ -160,8 +160,8 @@ int RAND_poll(void)
          rdtsc
          mov tsc, eax        
       }
-#else
-      asm volatile("rdtsc":"=A" (tsc));
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+      asm volatile("rdtsc":"=a"(tsc)::"edx");
 #endif
 
       RAND_add(&tsc, sizeof(tsc), 1);
diff --git a/src/lib/libcrypto/vms_rms.h b/src/lib/libcrypto/vms_rms.h
new file mode 100755
index 0000000000..00a00d993f
--- /dev/null
+++ b/src/lib/libcrypto/vms_rms.h
@@ -0,0 +1,51 @@
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif /* def NAML$C_MAXRSS [else] */
+
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
index 9087d66e0a..0d70e8696d 100644
--- a/src/lib/libcrypto/x509v3/v3_addr.c
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
   unsigned char addr[ADDR_RAW_BUF_LEN];
   int i, n;
 
+  if (bs->length < 0)
+    return 0;
   switch (afi) {
   case IANA_AFI_IPV4:
+    if (bs->length > 4)
+      return 0;
     addr_expand(addr, bs, 4, fill);
     BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
     break;
   case IANA_AFI_IPV6:
+    if (bs->length > 16)
+      return 0;
     addr_expand(addr, bs, 16, fill);
     for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
       ;
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
index 56702f86b9..3f434c0603 100644
--- a/src/lib/libcrypto/x509v3/v3_asid.c
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -61,7 +61,6 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
 {
   const ASIdOrRange *a = *a_, *b = *b_;
 
-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
          (a->type == ASIdOrRange_range && a->u.range != NULL &&
           a->u.range->min != NULL && a->u.range->max != NULL));
 
-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
          (b->type == ASIdOrRange_range && b->u.range != NULL &&
           b->u.range->min != NULL && b->u.range->max != NULL));
 
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
   if (*choice == NULL) {
     if ((*choice = ASIdentifierChoice_new()) == NULL)
       return 0;
-    assert((*choice)->u.inherit == NULL);
+    OPENSSL_assert((*choice)->u.inherit == NULL);
     if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
       return 0;
     (*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
   if (*choice == NULL) {
     if ((*choice = ASIdentifierChoice_new()) == NULL)
       return 0;
-    assert((*choice)->u.asIdsOrRanges == NULL);
+    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
     (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
     if ((*choice)->u.asIdsOrRanges == NULL)
       return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
                             ASN1_INTEGER **min,
                             ASN1_INTEGER **max)
 {
-  assert(aor != NULL && min != NULL && max != NULL);
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
   switch (aor->type) {
   case ASIdOrRange_id:
     *min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
   return (asid == NULL ||
-          (ASIdentifierChoice_is_canonical(asid->asnum) ||
+          (ASIdentifierChoice_is_canonical(asid->asnum) &&
            ASIdentifierChoice_is_canonical(asid->rdi)));
 }
 
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
   /*
    * We have a list.  Sort it.
    */
-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
   sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
 
   /*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     /*
      * Make sure we're properly sorted (paranoia).
      */
-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
 
     /*
      * Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     }
   }
 
-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
 
   ret = 1;
 
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
   X509 *x;
 
-  assert(chain != NULL && sk_X509_num(chain) > 0);
-  assert(ctx != NULL || ext != NULL);
-  assert(ctx == NULL || ctx->verify_cb != NULL);
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
 
   /*
    * Figure out where to start.  If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   } else {
     i = 0;
     x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
     if ((ext = x->rfc3779_asid) == NULL)
       goto done;
   }
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
    */
   for (i++; i < sk_X509_num(chain); i++) {
     x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
     if (x->rfc3779_asid == NULL) {
       if (child_as != NULL || child_rdi != NULL)
         validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   /*
    * Trust anchor can't inherit.
    */
-  assert(x != NULL);
+  OPENSSL_assert(x != NULL);
   if (x->rfc3779_asid != NULL) {
     if (x->rfc3779_asid->asnum != NULL &&
         x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
diff --git a/src/lib/libssl/src/ACKNOWLEDGMENTS b/src/lib/libssl/src/ACKNOWLEDGMENTS
new file mode 100644
index 0000000000..fb6dd912c4
--- /dev/null
+++ b/src/lib/libssl/src/ACKNOWLEDGMENTS
@@ -0,0 +1,25 @@
+The OpenSSL project depends on volunteer efforts and financial support from
+the end user community. That support comes in the form of donations and paid
+sponsorships, software support contracts, paid consulting services
+and commissioned software development.
+
+Since all these activities support the continued development and improvement
+of OpenSSL we consider all these clients and customers as sponsors of the
+OpenSSL project.
+
+We would like to identify and thank the following such sponsors for their past
+or current significant support of the OpenSSL project:
+
+Very significant support:
+
+        OpenGear: www.opengear.com
+
+Significant support:
+
+        PSW Group: www.psw.net
+
+Please note that we ask permission to identify sponsors and that some sponsors
+we consider eligible for inclusion here have requested to remain anonymous.
+
+Additional sponsorship or financial support is always welcome: for more
+information please contact the OpenSSL Software Foundation.
diff --git a/src/lib/libssl/src/Makefile.shared b/src/lib/libssl/src/Makefile.shared
index 3569832f1b..e753f44e18 100644
--- a/src/lib/libssl/src/Makefile.shared
+++ b/src/lib/libssl/src/Makefile.shared
@@ -135,7 +135,7 @@ LINK_SO_A_VIA_O=	\
   ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
   ( $(SET_X); \
     ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
-  $(LINK_SO) && rm -f $(LIBNAME).o
+  $(LINK_SO) && rm -f lib$(LIBNAME).o
 
 LINK_SO_A_UNPACKED=     \
   UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
@@ -207,17 +207,29 @@ link_app.bsd:
         fi; $(LINK_APP)
 
 # For Darwin AKA Mac OS/X (dyld)
-# link_o.darwin produces .so, because we let it use dso_dlfcn module,
-# which has .so extension hard-coded. One can argue that one should
-# develop special dso module for MacOS X. At least manual encourages
-# to use native NSModule(3) API and refers to dlfcn as termporary hack.
+# Originally link_o.darwin produced .so, because it was hard-coded
+# in dso_dlfcn module. At later point dso_dlfcn switched to .dylib
+# extension in order to allow for run-time linking with vendor-
+# supplied shared libraries such as libz, so that link_o.darwin had
+# to be harmonized with it. This caused minor controversy, because
+# it was believed that dlopen can't be used to dynamically load
+# .dylib-s, only so called bundle modules (ones linked with -bundle
+# flag). The belief seems to be originating from pre-10.4 release,
+# where dlfcn functionality was emulated by dlcompat add-on. In
+# 10.4 dlopen was rewritten as native part of dyld and is documented
+# to be capable of loading both dynamic libraries and bundles. In
+# order to provide compatibility with pre-10.4 dlopen, modules are
+# linked with -bundle flag, which makes .dylib extension misleading.
+# It works, because dlopen is [and always was] extension-agnostic.
+# Alternative to this heuristic approach is to develop specific
+# MacOS X dso module relying on whichever "native" dyld interface.
 link_o.darwin:
         @ $(CALC_VERSIONS); \
         SHLIB=lib$(LIBNAME); \
-        SHLIB_SUFFIX=.so; \
+        SHLIB_SUFFIX=.dylib; \
         ALLSYMSFLAGS='-all_load'; \
         NOALLSYMSFLAGS=''; \
-        SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
+        SHAREDFLAGS="$(CFLAGS) `echo $(SHARED_LDFLAGS) | sed s/dynamiclib/bundle/`"; \
         if [ -n "$(LIBVERSION)" ]; then \
                 SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
         fi; \
diff --git a/src/lib/libssl/src/apps/ec.c b/src/lib/libssl/src/apps/ec.c
index 31194b48df..896eabc13f 100644
--- a/src/lib/libssl/src/apps/ec.c
+++ b/src/lib/libssl/src/apps/ec.c
@@ -85,9 +85,6 @@ int MAIN(int, char **);
 
 int MAIN(int argc, char **argv)
 {
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE  *e = NULL;
-#endif
         int     ret = 1;
         EC_KEY  *eckey = NULL;
         const EC_GROUP *group;
@@ -254,7 +251,7 @@ bad:
         ERR_load_crypto_strings();
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
         if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
diff --git a/src/lib/libssl/src/apps/ecparam.c b/src/lib/libssl/src/apps/ecparam.c
index e9aa0a184a..465480bedd 100644
--- a/src/lib/libssl/src/apps/ecparam.c
+++ b/src/lib/libssl/src/apps/ecparam.c
@@ -129,9 +129,6 @@ int MAIN(int argc, char **argv)
         char    *infile = NULL, *outfile = NULL, *prog;
         BIO     *in = NULL, *out = NULL;
         int     informat, outformat, noout = 0, C = 0, ret = 1;
-#ifndef OPENSSL_NO_ENGINE
-        ENGINE  *e = NULL;
-#endif
         char    *engine = NULL;
 
         BIGNUM  *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
@@ -340,7 +337,7 @@ bad:
                 }
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
         if (list_curves)
diff --git a/src/lib/libssl/src/apps/pkeyparam.c b/src/lib/libssl/src/apps/pkeyparam.c
index 7f18010f9d..6f7a357a36 100644
--- a/src/lib/libssl/src/apps/pkeyparam.c
+++ b/src/lib/libssl/src/apps/pkeyparam.c
@@ -74,7 +74,6 @@ int MAIN(int argc, char **argv)
         EVP_PKEY *pkey=NULL;
         int badarg = 0;
 #ifndef OPENSSL_NO_ENGINE
-        ENGINE *e = NULL;
         char *engine=NULL;
 #endif
         int ret = 1;
@@ -141,7 +140,7 @@ int MAIN(int argc, char **argv)
                 }
 
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 
         if (infile)
diff --git a/src/lib/libssl/src/apps/pkeyutl.c b/src/lib/libssl/src/apps/pkeyutl.c
index 22a6c4bf39..7eb3f5c544 100644
--- a/src/lib/libssl/src/apps/pkeyutl.c
+++ b/src/lib/libssl/src/apps/pkeyutl.c
@@ -119,17 +119,17 @@ int MAIN(int argc, char **argv)
                 if (!strcmp(*argv,"-in"))
                         {
                         if (--argc < 1) badarg = 1;
-                        infile= *(++argv);
+                        else infile= *(++argv);
                         }
                 else if (!strcmp(*argv,"-out"))
                         {
                         if (--argc < 1) badarg = 1;
-                        outfile= *(++argv);
+                        else outfile= *(++argv);
                         }
                 else if (!strcmp(*argv,"-sigfile"))
                         {
                         if (--argc < 1) badarg = 1;
-                        sigfile= *(++argv);
+                        else sigfile= *(++argv);
                         }
                 else if(!strcmp(*argv, "-inkey"))
                         {
@@ -159,17 +159,17 @@ int MAIN(int argc, char **argv)
                 else if (!strcmp(*argv,"-passin"))
                         {
                         if (--argc < 1) badarg = 1;
-                        passargin= *(++argv);
+                        else passargin= *(++argv);
                         }
                 else if (strcmp(*argv,"-peerform") == 0)
                         {
                         if (--argc < 1) badarg = 1;
-                        peerform=str2fmt(*(++argv));
+                        else peerform=str2fmt(*(++argv));
                         }
                 else if (strcmp(*argv,"-keyform") == 0)
                         {
                         if (--argc < 1) badarg = 1;
-                        keyform=str2fmt(*(++argv));
+                        else keyform=str2fmt(*(++argv));
                         }
 #ifndef OPENSSL_NO_ENGINE
                 else if(!strcmp(*argv, "-engine"))
diff --git a/src/lib/libssl/src/apps/vms_decc_init.c b/src/lib/libssl/src/apps/vms_decc_init.c
new file mode 100755
index 0000000000..f512c8f1bc
--- /dev/null
+++ b/src/lib/libssl/src/apps/vms_decc_init.c
@@ -0,0 +1,188 @@
+#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
+ defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
+# define USE_DECC_INIT 1
+#endif
+
+#ifdef USE_DECC_INIT
+
+/*
+ * 2010-04-26 SMS.
+ *
+ *----------------------------------------------------------------------
+ *
+ *       decc_init()
+ *
+ *    On non-VAX systems, uses LIB$INITIALIZE to set a collection of C
+ *    RTL features without using the DECC$* logical name method.
+ *
+ *----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unixlib.h>
+
+
+/* Global storage. */
+
+/* Flag to sense if decc_init() was called. */
+
+int decc_init_done = -1;
+
+
+/* Structure to hold a DECC$* feature name and its desired value. */
+
+typedef struct
+{
+    char *name;
+    int value;
+} decc_feat_t;
+
+
+/* Array of DECC$* feature names and their desired values.
+ * Note: DECC$ARGV_PARSE_STYLE is the urgent one.
+ */
+
+decc_feat_t decc_feat_array[] =
+{
+ /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
+ { "DECC$ARGV_PARSE_STYLE", 1 },
+
+ /* Preserve case for file names on ODS5 disks. */
+ { "DECC$EFS_CASE_PRESERVE", 1 },
+
+ /* Enable multiple dots (and most characters) in ODS5 file names,
+  * while preserving VMS-ness of ";version".
+  */
+ { "DECC$EFS_CHARSET", 1 },
+
+ /* List terminator. */
+ { (char *)NULL, 0 }
+};
+
+
+/* LIB$INITIALIZE initialization function. */
+
+static void decc_init( void)
+{
+    char *openssl_debug_decc_init;
+    int verbose = 0;
+    int feat_index;
+    int feat_value;
+    int feat_value_max;
+    int feat_value_min;
+    int i;
+    int sts;
+
+    /* Get debug option. */
+    openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT");
+    if (openssl_debug_decc_init != NULL)
+    {
+        verbose = strtol( openssl_debug_decc_init, NULL, 10);
+        if (verbose <= 0)
+        {
+            verbose = 1;
+        }
+    }
+
+    /* Set the global flag to indicate that LIB$INITIALIZE worked. */
+    decc_init_done = 1;
+
+    /* Loop through all items in the decc_feat_array[]. */
+
+    for (i = 0; decc_feat_array[ i].name != NULL; i++)
+    {
+        /* Get the feature index. */
+        feat_index = decc$feature_get_index( decc_feat_array[ i].name);
+        if (feat_index >= 0)
+        {
+            /* Valid item.  Collect its properties. */
+            feat_value = decc$feature_get_value( feat_index, 1);
+            feat_value_min = decc$feature_get_value( feat_index, 2);
+            feat_value_max = decc$feature_get_value( feat_index, 3);
+
+            /* Check the validity of our desired value. */
+            if ((decc_feat_array[ i].value >= feat_value_min) &&
+             (decc_feat_array[ i].value <= feat_value_max))
+            {
+                /* Valid value.  Set it if necessary. */
+                if (feat_value != decc_feat_array[ i].value)
+                {
+                    sts = decc$feature_set_value( feat_index,
+                     1,
+                     decc_feat_array[ i].value);
+
+                     if (verbose > 1)
+                     {
+                         fprintf( stderr, " %s = %d, sts = %d.\n",
+                          decc_feat_array[ i].name,
+                          decc_feat_array[ i].value,
+                          sts);
+                     }
+                }
+            }
+            else
+            {
+                /* Invalid DECC feature value. */
+                fprintf( stderr,
+                 " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
+                 feat_value,
+                 feat_value_min, decc_feat_array[ i].name, feat_value_max);
+            }
+        }
+        else
+        {
+            /* Invalid DECC feature name. */
+            fprintf( stderr,
+             " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name);
+        }
+    }
+
+    if (verbose > 0)
+    {
+        fprintf( stderr, " DECC_INIT complete.\n");
+    }
+}
+
+/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
+
+#pragma nostandard
+
+/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and
+ * other attributes.  Note that "nopic" is significant only on VAX.
+ */
+#pragma extern_model save
+
+#if __INITIAL_POINTER_SIZE == 64
+# define PSECT_ALIGN 3
+#else
+# define PSECT_ALIGN 2
+#endif
+
+#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
+const int spare[ 8] = { 0 };
+
+#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
+void (*const x_decc_init)() = decc_init;
+
+#pragma extern_model restore
+
+/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
+
+#pragma extern_model save
+
+int LIB$INITIALIZE( void);
+
+#pragma extern_model strict_refdef
+int dmy_lib$initialize = (int) LIB$INITIALIZE;
+
+#pragma extern_model restore
+
+#pragma standard
+
+#else /* def USE_DECC_INIT */
+
+/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
+int decc_init_dummy( void);
+
+#endif /* def USE_DECC_INIT */
diff --git a/src/lib/libssl/src/crypto/LPdir_vms.c b/src/lib/libssl/src/crypto/LPdir_vms.c
index 85b427a623..7613bd254e 100644
--- a/src/lib/libssl/src/crypto/LPdir_vms.c
+++ b/src/lib/libssl/src/crypto/LPdir_vms.c
@@ -40,22 +40,18 @@
 #ifndef LPDIR_H
 #include "LPdir.h"
 #endif
+#include "vms_rms.h"
 
-/* Because some compiler options hide this macor */
+/* Some compiler options hide EVMSERR. */
 #ifndef EVMSERR
-#define EVMSERR         65535  /* error for non-translatable VMS errors */
+# define EVMSERR        65535  /* error for non-translatable VMS errors */
 #endif
 
 struct LP_dir_context_st
 {
   unsigned long VMS_context;
-#ifdef NAML$C_MAXRSS
-  char filespec[NAML$C_MAXRSS+1];
-  char result[NAML$C_MAXRSS+1];
-#else
-  char filespec[256];
-  char result[256];
-#endif
+  char filespec[ NAMX_MAXRSS+ 1];
+  char result[ NAMX_MAXRSS+ 1];
   struct dsc$descriptor_d filespec_dsc;
   struct dsc$descriptor_d result_dsc;
 };
@@ -66,6 +62,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
   char *p, *r;
   size_t l;
   unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *ctx_filespec_32p;
+# pragma pointer_size restore
+        char ctx_filespec_32[ NAMX_MAXRSS+ 1];
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 #ifdef NAML$C_MAXRSS
   flags |= LIB$M_FIL_LONG_NAMES;
 #endif
@@ -93,13 +99,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       filespeclen += 4;         /* "*.*;" */
 
-      if (filespeclen >
-#ifdef NAML$C_MAXRSS
-          NAML$C_MAXRSS
-#else
-          255
-#endif
-          )
+      if (filespeclen > NAMX_MAXRSS)
         {
           errno = ENAMETOOLONG;
           return 0;
@@ -115,14 +115,21 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       strcpy((*ctx)->filespec,directory);
       strcat((*ctx)->filespec,"*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy( ctx_filespec_32p, (*ctx)->filespec);
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
       (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
       (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
       (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
-      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
-      (*ctx)->result_dsc.dsc$w_length = 0;
-      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
-      (*ctx)->result_dsc.dsc$a_pointer = 0;
+      (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
     }
 
   (*ctx)->result_dsc.dsc$w_length = 0;
diff --git a/src/lib/libssl/src/crypto/aes/aes_wrap.c b/src/lib/libssl/src/crypto/aes/aes_wrap.c
index 9feacd65d8..e2d73d37ce 100644
--- a/src/lib/libssl/src/crypto/aes/aes_wrap.c
+++ b/src/lib/libssl/src/crypto/aes/aes_wrap.c
@@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
                         A[7] ^= (unsigned char)(t & 0xff);
                         if (t > 0xff)   
                                 {
-                                A[6] ^= (unsigned char)((t & 0xff) >> 8);
-                                A[5] ^= (unsigned char)((t & 0xff) >> 16);
-                                A[4] ^= (unsigned char)((t & 0xff) >> 24);
+                                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                                A[4] ^= (unsigned char)((t >> 24) & 0xff);
                                 }
                         memcpy(R, B + 8, 8);
                         }
@@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                         A[7] ^= (unsigned char)(t & 0xff);
                         if (t > 0xff)   
                                 {
-                                A[6] ^= (unsigned char)((t & 0xff) >> 8);
-                                A[5] ^= (unsigned char)((t & 0xff) >> 16);
-                                A[4] ^= (unsigned char)((t & 0xff) >> 24);
+                                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                                A[4] ^= (unsigned char)((t >> 24) & 0xff);
                                 }
                         memcpy(B + 8, R, 8);
                         AES_decrypt(B, B, key);
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-armv4.pl b/src/lib/libssl/src/crypto/aes/asm/aes-armv4.pl
index 690244111a..c51ee1fbf6 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aes-armv4.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-armv4.pl
@@ -16,12 +16,20 @@
 # allows to merge logical or arithmetic operation with shift or rotate
 # in one instruction and emit combined result every cycle. The module
 # is endian-neutral. The performance is ~42 cycles/byte for 128-bit
-# key.
+# key [on single-issue Xscale PXA250 core].
 
 # May 2007.
 #
 # AES_set_[en|de]crypt_key is added.
 
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 12% improvement on
+# Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
 $s0="r0";
 $s1="r1";
 $s2="r2";
@@ -164,24 +172,24 @@ AES_encrypt:
         ldrb    $t2,[$rounds,#1]
         ldrb    $t3,[$rounds,#0]
         orr     $s0,$s0,$t1,lsl#8
-        orr     $s0,$s0,$t2,lsl#16
-        orr     $s0,$s0,$t3,lsl#24
         ldrb    $s1,[$rounds,#7]
+        orr     $s0,$s0,$t2,lsl#16
         ldrb    $t1,[$rounds,#6]
+        orr     $s0,$s0,$t3,lsl#24
         ldrb    $t2,[$rounds,#5]
         ldrb    $t3,[$rounds,#4]
         orr     $s1,$s1,$t1,lsl#8
-        orr     $s1,$s1,$t2,lsl#16
-        orr     $s1,$s1,$t3,lsl#24
         ldrb    $s2,[$rounds,#11]
+        orr     $s1,$s1,$t2,lsl#16
         ldrb    $t1,[$rounds,#10]
+        orr     $s1,$s1,$t3,lsl#24
         ldrb    $t2,[$rounds,#9]
         ldrb    $t3,[$rounds,#8]
         orr     $s2,$s2,$t1,lsl#8
-        orr     $s2,$s2,$t2,lsl#16
-        orr     $s2,$s2,$t3,lsl#24
         ldrb    $s3,[$rounds,#15]
+        orr     $s2,$s2,$t2,lsl#16
         ldrb    $t1,[$rounds,#14]
+        orr     $s2,$s2,$t3,lsl#24
         ldrb    $t2,[$rounds,#13]
         ldrb    $t3,[$rounds,#12]
         orr     $s3,$s3,$t1,lsl#8
@@ -196,24 +204,24 @@ AES_encrypt:
         mov     $t3,$s0,lsr#8
         strb    $t1,[$rounds,#0]
         strb    $t2,[$rounds,#1]
-        strb    $t3,[$rounds,#2]
-        strb    $s0,[$rounds,#3]
         mov     $t1,$s1,lsr#24
+        strb    $t3,[$rounds,#2]
         mov     $t2,$s1,lsr#16
+        strb    $s0,[$rounds,#3]
         mov     $t3,$s1,lsr#8
         strb    $t1,[$rounds,#4]
         strb    $t2,[$rounds,#5]
-        strb    $t3,[$rounds,#6]
-        strb    $s1,[$rounds,#7]
         mov     $t1,$s2,lsr#24
+        strb    $t3,[$rounds,#6]
         mov     $t2,$s2,lsr#16
+        strb    $s1,[$rounds,#7]
         mov     $t3,$s2,lsr#8
         strb    $t1,[$rounds,#8]
         strb    $t2,[$rounds,#9]
-        strb    $t3,[$rounds,#10]
-        strb    $s2,[$rounds,#11]
         mov     $t1,$s3,lsr#24
+        strb    $t3,[$rounds,#10]
         mov     $t2,$s3,lsr#16
+        strb    $s2,[$rounds,#11]
         mov     $t3,$s3,lsr#8
         strb    $t1,[$rounds,#12]
         strb    $t2,[$rounds,#13]
@@ -230,141 +238,137 @@ AES_encrypt:
 .align  2
 _armv4_AES_encrypt:
         str     lr,[sp,#-4]!            @ push lr
-        ldr     $t1,[$key],#16
-        ldr     $t2,[$key,#-12]
-        ldr     $t3,[$key,#-8]
-        ldr     $i1,[$key,#-4]
-        ldr     $rounds,[$key,#240-16]
+        ldmia   $key!,{$t1-$i1}
         eor     $s0,$s0,$t1
+        ldr     $rounds,[$key,#240-16]
         eor     $s1,$s1,$t2
         eor     $s2,$s2,$t3
         eor     $s3,$s3,$i1
         sub     $rounds,$rounds,#1
         mov     lr,#255
 
-.Lenc_loop:
+        and     $i1,lr,$s0
         and     $i2,lr,$s0,lsr#8
         and     $i3,lr,$s0,lsr#16
-        and     $i1,lr,$s0
         mov     $s0,$s0,lsr#24
+.Lenc_loop:
         ldr     $t1,[$tbl,$i1,lsl#2]    @ Te3[s0>>0]
-        ldr     $s0,[$tbl,$s0,lsl#2]    @ Te0[s0>>24]
-        ldr     $t2,[$tbl,$i2,lsl#2]    @ Te2[s0>>8]
-        ldr     $t3,[$tbl,$i3,lsl#2]    @ Te1[s0>>16]
-
         and     $i1,lr,$s1,lsr#16       @ i0
+        ldr     $t2,[$tbl,$i2,lsl#2]    @ Te2[s0>>8]
         and     $i2,lr,$s1
+        ldr     $t3,[$tbl,$i3,lsl#2]    @ Te1[s0>>16]
         and     $i3,lr,$s1,lsr#8
+        ldr     $s0,[$tbl,$s0,lsl#2]    @ Te0[s0>>24]
         mov     $s1,$s1,lsr#24
+
         ldr     $i1,[$tbl,$i1,lsl#2]    @ Te1[s1>>16]
-        ldr     $s1,[$tbl,$s1,lsl#2]    @ Te0[s1>>24]
         ldr     $i2,[$tbl,$i2,lsl#2]    @ Te3[s1>>0]
         ldr     $i3,[$tbl,$i3,lsl#2]    @ Te2[s1>>8]
         eor     $s0,$s0,$i1,ror#8
-        eor     $s1,$s1,$t1,ror#24
-        eor     $t2,$t2,$i2,ror#8
-        eor     $t3,$t3,$i3,ror#8
-
+        ldr     $s1,[$tbl,$s1,lsl#2]    @ Te0[s1>>24]
         and     $i1,lr,$s2,lsr#8        @ i0
+        eor     $t2,$t2,$i2,ror#8
         and     $i2,lr,$s2,lsr#16       @ i1
+        eor     $t3,$t3,$i3,ror#8
         and     $i3,lr,$s2
-        mov     $s2,$s2,lsr#24
+        eor     $s1,$s1,$t1,ror#24
         ldr     $i1,[$tbl,$i1,lsl#2]    @ Te2[s2>>8]
+        mov     $s2,$s2,lsr#24
+
         ldr     $i2,[$tbl,$i2,lsl#2]    @ Te1[s2>>16]
-        ldr     $s2,[$tbl,$s2,lsl#2]    @ Te0[s2>>24]
         ldr     $i3,[$tbl,$i3,lsl#2]    @ Te3[s2>>0]
         eor     $s0,$s0,$i1,ror#16
-        eor     $s1,$s1,$i2,ror#8
-        eor     $s2,$s2,$t2,ror#16
-        eor     $t3,$t3,$i3,ror#16
-
+        ldr     $s2,[$tbl,$s2,lsl#2]    @ Te0[s2>>24]
         and     $i1,lr,$s3              @ i0
+        eor     $s1,$s1,$i2,ror#8
         and     $i2,lr,$s3,lsr#8        @ i1
+        eor     $t3,$t3,$i3,ror#16
         and     $i3,lr,$s3,lsr#16       @ i2
-        mov     $s3,$s3,lsr#24
+        eor     $s2,$s2,$t2,ror#16
         ldr     $i1,[$tbl,$i1,lsl#2]    @ Te3[s3>>0]
+        mov     $s3,$s3,lsr#24
+
         ldr     $i2,[$tbl,$i2,lsl#2]    @ Te2[s3>>8]
         ldr     $i3,[$tbl,$i3,lsl#2]    @ Te1[s3>>16]
-        ldr     $s3,[$tbl,$s3,lsl#2]    @ Te0[s3>>24]
         eor     $s0,$s0,$i1,ror#24
+        ldr     $s3,[$tbl,$s3,lsl#2]    @ Te0[s3>>24]
         eor     $s1,$s1,$i2,ror#16
+        ldr     $i1,[$key],#16
         eor     $s2,$s2,$i3,ror#8
+        ldr     $t1,[$key,#-12]
         eor     $s3,$s3,$t3,ror#8
 
-        ldr     $t1,[$key],#16
-        ldr     $t2,[$key,#-12]
-        ldr     $t3,[$key,#-8]
-        ldr     $i1,[$key,#-4]
-        eor     $s0,$s0,$t1
-        eor     $s1,$s1,$t2
-        eor     $s2,$s2,$t3
-        eor     $s3,$s3,$i1
+        ldr     $t2,[$key,#-8]
+        eor     $s0,$s0,$i1
+        ldr     $t3,[$key,#-4]
+        and     $i1,lr,$s0
+        eor     $s1,$s1,$t1
+        and     $i2,lr,$s0,lsr#8
+        eor     $s2,$s2,$t2
+        and     $i3,lr,$s0,lsr#16
+        eor     $s3,$s3,$t3
+        mov     $s0,$s0,lsr#24
 
         subs    $rounds,$rounds,#1
         bne     .Lenc_loop
 
         add     $tbl,$tbl,#2
 
-        and     $i1,lr,$s0
-        and     $i2,lr,$s0,lsr#8
-        and     $i3,lr,$s0,lsr#16
-        mov     $s0,$s0,lsr#24
         ldrb    $t1,[$tbl,$i1,lsl#2]    @ Te4[s0>>0]
-        ldrb    $s0,[$tbl,$s0,lsl#2]    @ Te4[s0>>24]
-        ldrb    $t2,[$tbl,$i2,lsl#2]    @ Te4[s0>>8]
-        ldrb    $t3,[$tbl,$i3,lsl#2]    @ Te4[s0>>16]
-
         and     $i1,lr,$s1,lsr#16       @ i0
+        ldrb    $t2,[$tbl,$i2,lsl#2]    @ Te4[s0>>8]
         and     $i2,lr,$s1
+        ldrb    $t3,[$tbl,$i3,lsl#2]    @ Te4[s0>>16]
         and     $i3,lr,$s1,lsr#8
+        ldrb    $s0,[$tbl,$s0,lsl#2]    @ Te4[s0>>24]
         mov     $s1,$s1,lsr#24
+
         ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s1>>16]
-        ldrb    $s1,[$tbl,$s1,lsl#2]    @ Te4[s1>>24]
         ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s1>>0]
         ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s1>>8]
         eor     $s0,$i1,$s0,lsl#8
-        eor     $s1,$t1,$s1,lsl#24
-        eor     $t2,$i2,$t2,lsl#8
-        eor     $t3,$i3,$t3,lsl#8
-
+        ldrb    $s1,[$tbl,$s1,lsl#2]    @ Te4[s1>>24]
         and     $i1,lr,$s2,lsr#8        @ i0
+        eor     $t2,$i2,$t2,lsl#8
         and     $i2,lr,$s2,lsr#16       @ i1
+        eor     $t3,$i3,$t3,lsl#8
         and     $i3,lr,$s2
-        mov     $s2,$s2,lsr#24
+        eor     $s1,$t1,$s1,lsl#24
         ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s2>>8]
+        mov     $s2,$s2,lsr#24
+
         ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s2>>16]
-        ldrb    $s2,[$tbl,$s2,lsl#2]    @ Te4[s2>>24]
         ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s2>>0]
         eor     $s0,$i1,$s0,lsl#8
-        eor     $s1,$s1,$i2,lsl#16
-        eor     $s2,$t2,$s2,lsl#24
-        eor     $t3,$i3,$t3,lsl#8
-
+        ldrb    $s2,[$tbl,$s2,lsl#2]    @ Te4[s2>>24]
         and     $i1,lr,$s3              @ i0
+        eor     $s1,$s1,$i2,lsl#16
         and     $i2,lr,$s3,lsr#8        @ i1
+        eor     $t3,$i3,$t3,lsl#8
         and     $i3,lr,$s3,lsr#16       @ i2
-        mov     $s3,$s3,lsr#24
+        eor     $s2,$t2,$s2,lsl#24
         ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s3>>0]
+        mov     $s3,$s3,lsr#24
+
         ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s3>>8]
         ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s3>>16]
-        ldrb    $s3,[$tbl,$s3,lsl#2]    @ Te4[s3>>24]
         eor     $s0,$i1,$s0,lsl#8
+        ldrb    $s3,[$tbl,$s3,lsl#2]    @ Te4[s3>>24]
+        ldr     $i1,[$key,#0]
         eor     $s1,$s1,$i2,lsl#8
+        ldr     $t1,[$key,#4]
         eor     $s2,$s2,$i3,lsl#16
+        ldr     $t2,[$key,#8]
         eor     $s3,$t3,$s3,lsl#24
+        ldr     $t3,[$key,#12]
 
-        ldr     lr,[sp],#4              @ pop lr
-        ldr     $t1,[$key,#0]
-        ldr     $t2,[$key,#4]
-        ldr     $t3,[$key,#8]
-        ldr     $i1,[$key,#12]
-        eor     $s0,$s0,$t1
-        eor     $s1,$s1,$t2
-        eor     $s2,$s2,$t3
-        eor     $s3,$s3,$i1
+        eor     $s0,$s0,$i1
+        eor     $s1,$s1,$t1
+        eor     $s2,$s2,$t2
+        eor     $s3,$s3,$t3
 
         sub     $tbl,$tbl,#2
-        mov     pc,lr                   @ return
+        ldr     pc,[sp],#4              @ pop and return
 .size   _armv4_AES_encrypt,.-_armv4_AES_encrypt
 
 .global AES_set_encrypt_key
@@ -399,31 +403,31 @@ AES_set_encrypt_key:
         ldrb    $t2,[$rounds,#1]
         ldrb    $t3,[$rounds,#0]
         orr     $s0,$s0,$t1,lsl#8
-        orr     $s0,$s0,$t2,lsl#16
-        orr     $s0,$s0,$t3,lsl#24
         ldrb    $s1,[$rounds,#7]
+        orr     $s0,$s0,$t2,lsl#16
         ldrb    $t1,[$rounds,#6]
+        orr     $s0,$s0,$t3,lsl#24
         ldrb    $t2,[$rounds,#5]
         ldrb    $t3,[$rounds,#4]
         orr     $s1,$s1,$t1,lsl#8
-        orr     $s1,$s1,$t2,lsl#16
-        orr     $s1,$s1,$t3,lsl#24
         ldrb    $s2,[$rounds,#11]
+        orr     $s1,$s1,$t2,lsl#16
         ldrb    $t1,[$rounds,#10]
+        orr     $s1,$s1,$t3,lsl#24
         ldrb    $t2,[$rounds,#9]
         ldrb    $t3,[$rounds,#8]
         orr     $s2,$s2,$t1,lsl#8
-        orr     $s2,$s2,$t2,lsl#16
-        orr     $s2,$s2,$t3,lsl#24
         ldrb    $s3,[$rounds,#15]
+        orr     $s2,$s2,$t2,lsl#16
         ldrb    $t1,[$rounds,#14]
+        orr     $s2,$s2,$t3,lsl#24
         ldrb    $t2,[$rounds,#13]
         ldrb    $t3,[$rounds,#12]
         orr     $s3,$s3,$t1,lsl#8
-        orr     $s3,$s3,$t2,lsl#16
-        orr     $s3,$s3,$t3,lsl#24
         str     $s0,[$key],#16
+        orr     $s3,$s3,$t2,lsl#16
         str     $s1,[$key,#-12]
+        orr     $s3,$s3,$t3,lsl#24
         str     $s2,[$key,#-8]
         str     $s3,[$key,#-4]
 
@@ -437,27 +441,26 @@ AES_set_encrypt_key:
 .L128_loop:
         and     $t2,lr,$s3,lsr#24
         and     $i1,lr,$s3,lsr#16
-        and     $i2,lr,$s3,lsr#8
-        and     $i3,lr,$s3
         ldrb    $t2,[$tbl,$t2]
+        and     $i2,lr,$s3,lsr#8
         ldrb    $i1,[$tbl,$i1]
+        and     $i3,lr,$s3
         ldrb    $i2,[$tbl,$i2]
-        ldrb    $i3,[$tbl,$i3]
-        ldr     $t1,[$t3],#4                    @ rcon[i++]
         orr     $t2,$t2,$i1,lsl#24
+        ldrb    $i3,[$tbl,$i3]
         orr     $t2,$t2,$i2,lsl#16
+        ldr     $t1,[$t3],#4                    @ rcon[i++]
         orr     $t2,$t2,$i3,lsl#8
         eor     $t2,$t2,$t1
         eor     $s0,$s0,$t2                     @ rk[4]=rk[0]^...
         eor     $s1,$s1,$s0                     @ rk[5]=rk[1]^rk[4]
-        eor     $s2,$s2,$s1                     @ rk[6]=rk[2]^rk[5]
-        eor     $s3,$s3,$s2                     @ rk[7]=rk[3]^rk[6]
         str     $s0,[$key],#16
+        eor     $s2,$s2,$s1                     @ rk[6]=rk[2]^rk[5]
         str     $s1,[$key,#-12]
+        eor     $s3,$s3,$s2                     @ rk[7]=rk[3]^rk[6]
         str     $s2,[$key,#-8]
-        str     $s3,[$key,#-4]
-
         subs    $rounds,$rounds,#1
+        str     $s3,[$key,#-4]
         bne     .L128_loop
         sub     r2,$key,#176
         b       .Ldone
@@ -468,16 +471,16 @@ AES_set_encrypt_key:
         ldrb    $t2,[$rounds,#17]
         ldrb    $t3,[$rounds,#16]
         orr     $i2,$i2,$t1,lsl#8
-        orr     $i2,$i2,$t2,lsl#16
-        orr     $i2,$i2,$t3,lsl#24
         ldrb    $i3,[$rounds,#23]
+        orr     $i2,$i2,$t2,lsl#16
         ldrb    $t1,[$rounds,#22]
+        orr     $i2,$i2,$t3,lsl#24
         ldrb    $t2,[$rounds,#21]
         ldrb    $t3,[$rounds,#20]
         orr     $i3,$i3,$t1,lsl#8
         orr     $i3,$i3,$t2,lsl#16
-        orr     $i3,$i3,$t3,lsl#24
         str     $i2,[$key],#8
+        orr     $i3,$i3,$t3,lsl#24
         str     $i3,[$key,#-4]
 
         teq     lr,#192
@@ -491,27 +494,26 @@ AES_set_encrypt_key:
 .L192_loop:
         and     $t2,lr,$i3,lsr#24
         and     $i1,lr,$i3,lsr#16
-        and     $i2,lr,$i3,lsr#8
-        and     $i3,lr,$i3
         ldrb    $t2,[$tbl,$t2]
+        and     $i2,lr,$i3,lsr#8
         ldrb    $i1,[$tbl,$i1]
+        and     $i3,lr,$i3
         ldrb    $i2,[$tbl,$i2]
-        ldrb    $i3,[$tbl,$i3]
-        ldr     $t1,[$t3],#4                    @ rcon[i++]
         orr     $t2,$t2,$i1,lsl#24
+        ldrb    $i3,[$tbl,$i3]
         orr     $t2,$t2,$i2,lsl#16
+        ldr     $t1,[$t3],#4                    @ rcon[i++]
         orr     $t2,$t2,$i3,lsl#8
         eor     $i3,$t2,$t1
         eor     $s0,$s0,$i3                     @ rk[6]=rk[0]^...
         eor     $s1,$s1,$s0                     @ rk[7]=rk[1]^rk[6]
-        eor     $s2,$s2,$s1                     @ rk[8]=rk[2]^rk[7]
-        eor     $s3,$s3,$s2                     @ rk[9]=rk[3]^rk[8]
         str     $s0,[$key],#24
+        eor     $s2,$s2,$s1                     @ rk[8]=rk[2]^rk[7]
         str     $s1,[$key,#-20]
+        eor     $s3,$s3,$s2                     @ rk[9]=rk[3]^rk[8]
         str     $s2,[$key,#-16]
-        str     $s3,[$key,#-12]
-
         subs    $rounds,$rounds,#1
+        str     $s3,[$key,#-12]
         subeq   r2,$key,#216
         beq     .Ldone
 
@@ -529,16 +531,16 @@ AES_set_encrypt_key:
         ldrb    $t2,[$rounds,#25]
         ldrb    $t3,[$rounds,#24]
         orr     $i2,$i2,$t1,lsl#8
-        orr     $i2,$i2,$t2,lsl#16
-        orr     $i2,$i2,$t3,lsl#24
         ldrb    $i3,[$rounds,#31]
+        orr     $i2,$i2,$t2,lsl#16
         ldrb    $t1,[$rounds,#30]
+        orr     $i2,$i2,$t3,lsl#24
         ldrb    $t2,[$rounds,#29]
         ldrb    $t3,[$rounds,#28]
         orr     $i3,$i3,$t1,lsl#8
         orr     $i3,$i3,$t2,lsl#16
-        orr     $i3,$i3,$t3,lsl#24
         str     $i2,[$key],#8
+        orr     $i3,$i3,$t3,lsl#24
         str     $i3,[$key,#-4]
 
         mov     $rounds,#14
@@ -550,52 +552,51 @@ AES_set_encrypt_key:
 .L256_loop:
         and     $t2,lr,$i3,lsr#24
         and     $i1,lr,$i3,lsr#16
-        and     $i2,lr,$i3,lsr#8
-        and     $i3,lr,$i3
         ldrb    $t2,[$tbl,$t2]
+        and     $i2,lr,$i3,lsr#8
         ldrb    $i1,[$tbl,$i1]
+        and     $i3,lr,$i3
         ldrb    $i2,[$tbl,$i2]
-        ldrb    $i3,[$tbl,$i3]
-        ldr     $t1,[$t3],#4                    @ rcon[i++]
         orr     $t2,$t2,$i1,lsl#24
+        ldrb    $i3,[$tbl,$i3]
         orr     $t2,$t2,$i2,lsl#16
+        ldr     $t1,[$t3],#4                    @ rcon[i++]
         orr     $t2,$t2,$i3,lsl#8
         eor     $i3,$t2,$t1
         eor     $s0,$s0,$i3                     @ rk[8]=rk[0]^...
         eor     $s1,$s1,$s0                     @ rk[9]=rk[1]^rk[8]
-        eor     $s2,$s2,$s1                     @ rk[10]=rk[2]^rk[9]
-        eor     $s3,$s3,$s2                     @ rk[11]=rk[3]^rk[10]
         str     $s0,[$key],#32
+        eor     $s2,$s2,$s1                     @ rk[10]=rk[2]^rk[9]
         str     $s1,[$key,#-28]
+        eor     $s3,$s3,$s2                     @ rk[11]=rk[3]^rk[10]
         str     $s2,[$key,#-24]
-        str     $s3,[$key,#-20]
-
         subs    $rounds,$rounds,#1
+        str     $s3,[$key,#-20]
         subeq   r2,$key,#256
         beq     .Ldone
 
         and     $t2,lr,$s3
         and     $i1,lr,$s3,lsr#8
-        and     $i2,lr,$s3,lsr#16
-        and     $i3,lr,$s3,lsr#24
         ldrb    $t2,[$tbl,$t2]
+        and     $i2,lr,$s3,lsr#16
         ldrb    $i1,[$tbl,$i1]
+        and     $i3,lr,$s3,lsr#24
         ldrb    $i2,[$tbl,$i2]
-        ldrb    $i3,[$tbl,$i3]
         orr     $t2,$t2,$i1,lsl#8
+        ldrb    $i3,[$tbl,$i3]
         orr     $t2,$t2,$i2,lsl#16
+        ldr     $t1,[$key,#-48]
         orr     $t2,$t2,$i3,lsl#24
 
-        ldr     $t1,[$key,#-48]
         ldr     $i1,[$key,#-44]
         ldr     $i2,[$key,#-40]
-        ldr     $i3,[$key,#-36]
         eor     $t1,$t1,$t2                     @ rk[12]=rk[4]^...
+        ldr     $i3,[$key,#-36]
         eor     $i1,$i1,$t1                     @ rk[13]=rk[5]^rk[12]
-        eor     $i2,$i2,$i1                     @ rk[14]=rk[6]^rk[13]
-        eor     $i3,$i3,$i2                     @ rk[15]=rk[7]^rk[14]
         str     $t1,[$key,#-16]
+        eor     $i2,$i2,$i1                     @ rk[14]=rk[6]^rk[13]
         str     $i1,[$key,#-12]
+        eor     $i3,$i3,$i2                     @ rk[15]=rk[7]^rk[14]
         str     $i2,[$key,#-8]
         str     $i3,[$key,#-4]
         b       .L256_loop
@@ -816,24 +817,24 @@ AES_decrypt:
         ldrb    $t2,[$rounds,#1]
         ldrb    $t3,[$rounds,#0]
         orr     $s0,$s0,$t1,lsl#8
-        orr     $s0,$s0,$t2,lsl#16
-        orr     $s0,$s0,$t3,lsl#24
         ldrb    $s1,[$rounds,#7]
+        orr     $s0,$s0,$t2,lsl#16
         ldrb    $t1,[$rounds,#6]
+        orr     $s0,$s0,$t3,lsl#24
         ldrb    $t2,[$rounds,#5]
         ldrb    $t3,[$rounds,#4]
         orr     $s1,$s1,$t1,lsl#8
-        orr     $s1,$s1,$t2,lsl#16
-        orr     $s1,$s1,$t3,lsl#24
         ldrb    $s2,[$rounds,#11]
+        orr     $s1,$s1,$t2,lsl#16
         ldrb    $t1,[$rounds,#10]
+        orr     $s1,$s1,$t3,lsl#24
         ldrb    $t2,[$rounds,#9]
         ldrb    $t3,[$rounds,#8]
         orr     $s2,$s2,$t1,lsl#8
-        orr     $s2,$s2,$t2,lsl#16
-        orr     $s2,$s2,$t3,lsl#24
         ldrb    $s3,[$rounds,#15]
+        orr     $s2,$s2,$t2,lsl#16
         ldrb    $t1,[$rounds,#14]
+        orr     $s2,$s2,$t3,lsl#24
         ldrb    $t2,[$rounds,#13]
         ldrb    $t3,[$rounds,#12]
         orr     $s3,$s3,$t1,lsl#8
@@ -848,24 +849,24 @@ AES_decrypt:
         mov     $t3,$s0,lsr#8
         strb    $t1,[$rounds,#0]
         strb    $t2,[$rounds,#1]
-        strb    $t3,[$rounds,#2]
-        strb    $s0,[$rounds,#3]
         mov     $t1,$s1,lsr#24
+        strb    $t3,[$rounds,#2]
         mov     $t2,$s1,lsr#16
+        strb    $s0,[$rounds,#3]
         mov     $t3,$s1,lsr#8
         strb    $t1,[$rounds,#4]
         strb    $t2,[$rounds,#5]
-        strb    $t3,[$rounds,#6]
-        strb    $s1,[$rounds,#7]
         mov     $t1,$s2,lsr#24
+        strb    $t3,[$rounds,#6]
         mov     $t2,$s2,lsr#16
+        strb    $s1,[$rounds,#7]
         mov     $t3,$s2,lsr#8
         strb    $t1,[$rounds,#8]
         strb    $t2,[$rounds,#9]
-        strb    $t3,[$rounds,#10]
-        strb    $s2,[$rounds,#11]
         mov     $t1,$s3,lsr#24
+        strb    $t3,[$rounds,#10]
         mov     $t2,$s3,lsr#16
+        strb    $s2,[$rounds,#11]
         mov     $t3,$s3,lsr#8
         strb    $t1,[$rounds,#12]
         strb    $t2,[$rounds,#13]
@@ -882,146 +883,143 @@ AES_decrypt:
 .align  2
 _armv4_AES_decrypt:
         str     lr,[sp,#-4]!            @ push lr
-        ldr     $t1,[$key],#16
-        ldr     $t2,[$key,#-12]
-        ldr     $t3,[$key,#-8]
-        ldr     $i1,[$key,#-4]
-        ldr     $rounds,[$key,#240-16]
+        ldmia   $key!,{$t1-$i1}
         eor     $s0,$s0,$t1
+        ldr     $rounds,[$key,#240-16]
         eor     $s1,$s1,$t2
         eor     $s2,$s2,$t3
         eor     $s3,$s3,$i1
         sub     $rounds,$rounds,#1
         mov     lr,#255
 
-.Ldec_loop:
         and     $i1,lr,$s0,lsr#16
         and     $i2,lr,$s0,lsr#8
         and     $i3,lr,$s0
         mov     $s0,$s0,lsr#24
+.Ldec_loop:
         ldr     $t1,[$tbl,$i1,lsl#2]    @ Td1[s0>>16]
-        ldr     $s0,[$tbl,$s0,lsl#2]    @ Td0[s0>>24]
-        ldr     $t2,[$tbl,$i2,lsl#2]    @ Td2[s0>>8]
-        ldr     $t3,[$tbl,$i3,lsl#2]    @ Td3[s0>>0]
-
         and     $i1,lr,$s1              @ i0
+        ldr     $t2,[$tbl,$i2,lsl#2]    @ Td2[s0>>8]
         and     $i2,lr,$s1,lsr#16
+        ldr     $t3,[$tbl,$i3,lsl#2]    @ Td3[s0>>0]
         and     $i3,lr,$s1,lsr#8
+        ldr     $s0,[$tbl,$s0,lsl#2]    @ Td0[s0>>24]
         mov     $s1,$s1,lsr#24
+
         ldr     $i1,[$tbl,$i1,lsl#2]    @ Td3[s1>>0]
-        ldr     $s1,[$tbl,$s1,lsl#2]    @ Td0[s1>>24]
         ldr     $i2,[$tbl,$i2,lsl#2]    @ Td1[s1>>16]
         ldr     $i3,[$tbl,$i3,lsl#2]    @ Td2[s1>>8]
         eor     $s0,$s0,$i1,ror#24
-        eor     $s1,$s1,$t1,ror#8
-        eor     $t2,$i2,$t2,ror#8
-        eor     $t3,$i3,$t3,ror#8
-
+        ldr     $s1,[$tbl,$s1,lsl#2]    @ Td0[s1>>24]
         and     $i1,lr,$s2,lsr#8        @ i0
+        eor     $t2,$i2,$t2,ror#8
         and     $i2,lr,$s2              @ i1
+        eor     $t3,$i3,$t3,ror#8
         and     $i3,lr,$s2,lsr#16
-        mov     $s2,$s2,lsr#24
+        eor     $s1,$s1,$t1,ror#8
         ldr     $i1,[$tbl,$i1,lsl#2]    @ Td2[s2>>8]
+        mov     $s2,$s2,lsr#24
+
         ldr     $i2,[$tbl,$i2,lsl#2]    @ Td3[s2>>0]
-        ldr     $s2,[$tbl,$s2,lsl#2]    @ Td0[s2>>24]
         ldr     $i3,[$tbl,$i3,lsl#2]    @ Td1[s2>>16]
         eor     $s0,$s0,$i1,ror#16
-        eor     $s1,$s1,$i2,ror#24
-        eor     $s2,$s2,$t2,ror#8
-        eor     $t3,$i3,$t3,ror#8
-
+        ldr     $s2,[$tbl,$s2,lsl#2]    @ Td0[s2>>24]
         and     $i1,lr,$s3,lsr#16       @ i0
+        eor     $s1,$s1,$i2,ror#24
         and     $i2,lr,$s3,lsr#8        @ i1
+        eor     $t3,$i3,$t3,ror#8
         and     $i3,lr,$s3              @ i2
-        mov     $s3,$s3,lsr#24
+        eor     $s2,$s2,$t2,ror#8
         ldr     $i1,[$tbl,$i1,lsl#2]    @ Td1[s3>>16]
+        mov     $s3,$s3,lsr#24
+
         ldr     $i2,[$tbl,$i2,lsl#2]    @ Td2[s3>>8]
         ldr     $i3,[$tbl,$i3,lsl#2]    @ Td3[s3>>0]
-        ldr     $s3,[$tbl,$s3,lsl#2]    @ Td0[s3>>24]
         eor     $s0,$s0,$i1,ror#8
+        ldr     $s3,[$tbl,$s3,lsl#2]    @ Td0[s3>>24]
         eor     $s1,$s1,$i2,ror#16
         eor     $s2,$s2,$i3,ror#24
+        ldr     $i1,[$key],#16
         eor     $s3,$s3,$t3,ror#8
 
-        ldr     $t1,[$key],#16
-        ldr     $t2,[$key,#-12]
-        ldr     $t3,[$key,#-8]
-        ldr     $i1,[$key,#-4]
-        eor     $s0,$s0,$t1
-        eor     $s1,$s1,$t2
-        eor     $s2,$s2,$t3
-        eor     $s3,$s3,$i1
+        ldr     $t1,[$key,#-12]
+        ldr     $t2,[$key,#-8]
+        eor     $s0,$s0,$i1
+        ldr     $t3,[$key,#-4]
+        and     $i1,lr,$s0,lsr#16
+        eor     $s1,$s1,$t1
+        and     $i2,lr,$s0,lsr#8
+        eor     $s2,$s2,$t2
+        and     $i3,lr,$s0
+        eor     $s3,$s3,$t3
+        mov     $s0,$s0,lsr#24
 
         subs    $rounds,$rounds,#1
         bne     .Ldec_loop
 
         add     $tbl,$tbl,#1024
 
-        ldr     $t1,[$tbl,#0]           @ prefetch Td4
-        ldr     $t2,[$tbl,#32]
-        ldr     $t3,[$tbl,#64]
-        ldr     $i1,[$tbl,#96]
-        ldr     $i2,[$tbl,#128]
-        ldr     $i3,[$tbl,#160]
-        ldr     $t1,[$tbl,#192]
-        ldr     $t2,[$tbl,#224]
+        ldr     $t2,[$tbl,#0]           @ prefetch Td4
+        ldr     $t3,[$tbl,#32]
+        ldr     $t1,[$tbl,#64]
+        ldr     $t2,[$tbl,#96]
+        ldr     $t3,[$tbl,#128]
+        ldr     $t1,[$tbl,#160]
+        ldr     $t2,[$tbl,#192]
+        ldr     $t3,[$tbl,#224]
 
-        and     $i1,lr,$s0,lsr#16
-        and     $i2,lr,$s0,lsr#8
-        and     $i3,lr,$s0
-        ldrb    $s0,[$tbl,$s0,lsr#24]   @ Td4[s0>>24]
+        ldrb    $s0,[$tbl,$s0]          @ Td4[s0>>24]
         ldrb    $t1,[$tbl,$i1]          @ Td4[s0>>16]
-        ldrb    $t2,[$tbl,$i2]          @ Td4[s0>>8]
-        ldrb    $t3,[$tbl,$i3]          @ Td4[s0>>0]
-
         and     $i1,lr,$s1              @ i0
+        ldrb    $t2,[$tbl,$i2]          @ Td4[s0>>8]
         and     $i2,lr,$s1,lsr#16
+        ldrb    $t3,[$tbl,$i3]          @ Td4[s0>>0]
         and     $i3,lr,$s1,lsr#8
+
         ldrb    $i1,[$tbl,$i1]          @ Td4[s1>>0]
         ldrb    $s1,[$tbl,$s1,lsr#24]   @ Td4[s1>>24]
         ldrb    $i2,[$tbl,$i2]          @ Td4[s1>>16]
-        ldrb    $i3,[$tbl,$i3]          @ Td4[s1>>8]
         eor     $s0,$i1,$s0,lsl#24
+        ldrb    $i3,[$tbl,$i3]          @ Td4[s1>>8]
         eor     $s1,$t1,$s1,lsl#8
-        eor     $t2,$t2,$i2,lsl#8
-        eor     $t3,$t3,$i3,lsl#8
-
         and     $i1,lr,$s2,lsr#8        @ i0
+        eor     $t2,$t2,$i2,lsl#8
         and     $i2,lr,$s2              @ i1
-        and     $i3,lr,$s2,lsr#16
+        eor     $t3,$t3,$i3,lsl#8
         ldrb    $i1,[$tbl,$i1]          @ Td4[s2>>8]
+        and     $i3,lr,$s2,lsr#16
+
         ldrb    $i2,[$tbl,$i2]          @ Td4[s2>>0]
         ldrb    $s2,[$tbl,$s2,lsr#24]   @ Td4[s2>>24]
-        ldrb    $i3,[$tbl,$i3]          @ Td4[s2>>16]
         eor     $s0,$s0,$i1,lsl#8
+        ldrb    $i3,[$tbl,$i3]          @ Td4[s2>>16]
         eor     $s1,$i2,$s1,lsl#16
-        eor     $s2,$t2,$s2,lsl#16
-        eor     $t3,$t3,$i3,lsl#16
-
         and     $i1,lr,$s3,lsr#16       @ i0
+        eor     $s2,$t2,$s2,lsl#16
         and     $i2,lr,$s3,lsr#8        @ i1
-        and     $i3,lr,$s3              @ i2
+        eor     $t3,$t3,$i3,lsl#16
         ldrb    $i1,[$tbl,$i1]          @ Td4[s3>>16]
+        and     $i3,lr,$s3              @ i2
+
         ldrb    $i2,[$tbl,$i2]          @ Td4[s3>>8]
         ldrb    $i3,[$tbl,$i3]          @ Td4[s3>>0]
         ldrb    $s3,[$tbl,$s3,lsr#24]   @ Td4[s3>>24]
         eor     $s0,$s0,$i1,lsl#16
+        ldr     $i1,[$key,#0]
         eor     $s1,$s1,$i2,lsl#8
+        ldr     $t1,[$key,#4]
         eor     $s2,$i3,$s2,lsl#8
+        ldr     $t2,[$key,#8]
         eor     $s3,$t3,$s3,lsl#24
+        ldr     $t3,[$key,#12]
 
-        ldr     lr,[sp],#4              @ pop lr
-        ldr     $t1,[$key,#0]
-        ldr     $t2,[$key,#4]
-        ldr     $t3,[$key,#8]
-        ldr     $i1,[$key,#12]
-        eor     $s0,$s0,$t1
-        eor     $s1,$s1,$t2
-        eor     $s2,$s2,$t3
-        eor     $s3,$s3,$i1
+        eor     $s0,$s0,$i1
+        eor     $s1,$s1,$t1
+        eor     $s2,$s2,$t2
+        eor     $s3,$s3,$t3
 
         sub     $tbl,$tbl,#1024
-        mov     pc,lr                   @ return
+        ldr     pc,[sp],#4              @ pop and return
 .size   _armv4_AES_decrypt,.-_armv4_AES_decrypt
 .asciz  "AES for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
 .align  2
@@ -1029,3 +1027,4 @@ ___
 
 $code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm;    # make it possible to compile with -march=armv4
 print $code;
+close STDOUT;   # enforce flush
diff --git a/src/lib/libssl/src/crypto/alphacpuid.pl b/src/lib/libssl/src/crypto/alphacpuid.pl
new file mode 100644
index 0000000000..4b3cbb9827
--- /dev/null
+++ b/src/lib/libssl/src/crypto/alphacpuid.pl
@@ -0,0 +1,126 @@
+#!/usr/bin/env perl
+print <<'___';
+.text
+
+.set    noat
+
+.globl  OPENSSL_cpuid_setup
+.ent    OPENSSL_cpuid_setup
+OPENSSL_cpuid_setup:
+        .frame  $30,0,$26
+        .prologue 0
+        ret     ($26)
+.end    OPENSSL_cpuid_setup
+
+.globl  OPENSSL_wipe_cpu
+.ent    OPENSSL_wipe_cpu
+OPENSSL_wipe_cpu:
+        .frame  $30,0,$26
+        .prologue 0
+        clr     $1
+        clr     $2
+        clr     $3
+        clr     $4
+        clr     $5
+        clr     $6
+        clr     $7
+        clr     $8
+        clr     $16
+        clr     $17
+        clr     $18
+        clr     $19
+        clr     $20
+        clr     $21
+        clr     $22
+        clr     $23
+        clr     $24
+        clr     $25
+        clr     $27
+        clr     $at
+        clr     $29
+        fclr    $f0
+        fclr    $f1
+        fclr    $f10
+        fclr    $f11
+        fclr    $f12
+        fclr    $f13
+        fclr    $f14
+        fclr    $f15
+        fclr    $f16
+        fclr    $f17
+        fclr    $f18
+        fclr    $f19
+        fclr    $f20
+        fclr    $f21
+        fclr    $f22
+        fclr    $f23
+        fclr    $f24
+        fclr    $f25
+        fclr    $f26
+        fclr    $f27
+        fclr    $f28
+        fclr    $f29
+        fclr    $f30
+        mov     $sp,$0
+        ret     ($26)
+.end    OPENSSL_wipe_cpu
+
+.globl  OPENSSL_atomic_add
+.ent    OPENSSL_atomic_add
+OPENSSL_atomic_add:
+        .frame  $30,0,$26
+        .prologue 0
+1:      ldl_l   $0,0($16)
+        addl    $0,$17,$1
+        stl_c   $1,0($16)
+        beq     $1,1b
+        addl    $0,$17,$0
+        ret     ($26)
+.end    OPENSSL_atomic_add
+
+.globl  OPENSSL_rdtsc
+.ent    OPENSSL_rdtsc
+OPENSSL_rdtsc:
+        .frame  $30,0,$26
+        .prologue 0
+        rpcc    $0
+        ret     ($26)
+.end    OPENSSL_rdtsc
+
+.globl  OPENSSL_cleanse
+.ent    OPENSSL_cleanse
+OPENSSL_cleanse:
+        .frame  $30,0,$26
+        .prologue 0
+        beq     $17,.Ldone
+        and     $16,7,$0
+        bic     $17,7,$at
+        beq     $at,.Little
+        beq     $0,.Laligned
+
+.Little:
+        subq    $0,8,$0
+        ldq_u   $1,0($16)
+        mov     $16,$2
+.Lalign:
+        mskbl   $1,$16,$1
+        lda     $16,1($16)
+        subq    $17,1,$17
+        addq    $0,1,$0
+        beq     $17,.Lout
+        bne     $0,.Lalign
+.Lout:  stq_u   $1,0($2)
+        beq     $17,.Ldone
+        bic     $17,7,$at
+        beq     $at,.Little
+
+.Laligned:
+        stq     $31,0($16)
+        subq    $17,8,$17
+        lda     $16,8($16)
+        bic     $17,7,$at
+        bne     $at,.Laligned
+        bne     $17,.Little
+.Ldone: ret     ($26)
+.end    OPENSSL_cleanse
+___
diff --git a/src/lib/libssl/src/crypto/asn1/ameth_lib.c b/src/lib/libssl/src/crypto/asn1/ameth_lib.c
index 9a8b6cc222..5a581b90ea 100644
--- a/src/lib/libssl/src/crypto/asn1/ameth_lib.c
+++ b/src/lib/libssl/src/crypto/asn1/ameth_lib.c
@@ -172,7 +172,6 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
 const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
         {
         const EVP_PKEY_ASN1_METHOD *t;
-        ENGINE *e;
 
         for (;;)
                 {
@@ -184,6 +183,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
         if (pe)
                 {
 #ifndef OPENSSL_NO_ENGINE
+                ENGINE *e;
                 /* type will contain the final unaliased type */
                 e = ENGINE_get_pkey_asn1_meth_engine(type);
                 if (e)
diff --git a/src/lib/libssl/src/crypto/asn1/bio_ndef.c b/src/lib/libssl/src/crypto/asn1/bio_ndef.c
index 370389b1e6..b91f97a1b1 100644
--- a/src/lib/libssl/src/crypto/asn1/bio_ndef.c
+++ b/src/lib/libssl/src/crypto/asn1/bio_ndef.c
@@ -57,9 +57,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 
-#ifndef OPENSSL_SYSNAME_NETWARE
-#include <memory.h>
-#endif
 #include <stdio.h>
 
 /* Experimental NDEF ASN1 BIO support routines */
diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c
index eb7e365467..71ebe987b6 100644
--- a/src/lib/libssl/src/crypto/bio/bss_dgram.c
+++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c
@@ -57,7 +57,6 @@
  *
  */
 
-#ifndef OPENSSL_NO_DGRAM
 
 #include <stdio.h>
 #include <errno.h>
@@ -65,6 +64,7 @@
 #include "cryptlib.h"
 
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_DGRAM
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
 #include <sys/timeb.h>
@@ -308,7 +308,6 @@ static int dgram_read(BIO *b, char *out, int outl)
                         OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
                         sa.len.i = (int)sa.len.s;
                         }
-                dgram_reset_rcv_timeout(b);
 
                 if ( ! data->connected  && ret >= 0)
                         BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
@@ -322,6 +321,8 @@ static int dgram_read(BIO *b, char *out, int outl)
                                 data->_errno = get_last_socket_error();
                                 }
                         }
+
+                dgram_reset_rcv_timeout(b);
                 }
         return(ret);
         }
@@ -340,7 +341,7 @@ static int dgram_write(BIO *b, const char *in, int inl)
 
                 if (data->peer.sa.sa_family == AF_INET)
                         peerlen = sizeof(data->peer.sa_in);
-#if OPENSSL_USE_IVP6
+#if OPENSSL_USE_IPV6
                 else if (data->peer.sa.sa_family == AF_INET6)
                         peerlen = sizeof(data->peer.sa_in6);
 #endif
@@ -745,9 +746,13 @@ static int BIO_dgram_should_retry(int i)
                 {
                 err=get_last_socket_error();
 
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-                if ((i == -1) && (err == 0))
-                        return(1);
+#if defined(OPENSSL_SYS_WINDOWS)
+        /* If the socket return value (i) is -1
+         * and err is unexpectedly 0 at this point,
+         * the error code was overwritten by
+         * another system call before this error
+         * handling is called.
+         */
 #endif
 
                 return(BIO_dgram_non_fatal_error(err));
@@ -810,7 +815,6 @@ int BIO_dgram_non_fatal_error(int err)
                 }
         return(0);
         }
-#endif
 
 static void get_current_time(struct timeval *t)
         {
@@ -828,3 +832,5 @@ static void get_current_time(struct timeval *t)
         gettimeofday(t, NULL);
 #endif
         }
+
+#endif
diff --git a/src/lib/libssl/src/crypto/bn/asm/alpha-mont.pl b/src/lib/libssl/src/crypto/bn/asm/alpha-mont.pl
index f7e0ca1646..03596e2014 100644
--- a/src/lib/libssl/src/crypto/bn/asm/alpha-mont.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/alpha-mont.pl
@@ -41,8 +41,12 @@ $j="s4";
 $m1="s5";
 
 $code=<<___;
+#ifdef __linux__
+#include <asm/regdef.h>
+#else
 #include <asm.h>
 #include <regdef.h>
+#endif
 
 .text
 
@@ -76,7 +80,7 @@ bn_mul_mont:
         ldq     $aj,8($ap)
         subq    sp,AT,sp
         ldq     $bi,0($bp)      # bp[0]
-        mov     -4096,AT
+        lda     AT,-4096(zero)  # mov   -4096,AT
         ldq     $n0,0($n0)
         and     sp,AT,sp
 
@@ -106,9 +110,9 @@ bn_mul_mont:
 .align  4
 .L1st:
         .set    noreorder
-        ldq     $aj,($aj)
+        ldq     $aj,0($aj)
         addl    $j,1,$j
-        ldq     $nj,($nj)
+        ldq     $nj,0($nj)
         lda     $tp,8($tp)
 
         addq    $alo,$hi0,$lo0
@@ -159,12 +163,12 @@ bn_mul_mont:
 .align  4
 .Louter:
         s8addq  $i,$bp,$bi
-        ldq     $hi0,($ap)
+        ldq     $hi0,0($ap)
         ldq     $aj,8($ap)
-        ldq     $bi,($bi)
-        ldq     $hi1,($np)
+        ldq     $bi,0($bi)
+        ldq     $hi1,0($np)
         ldq     $nj,8($np)
-        ldq     $tj,(sp)
+        ldq     $tj,0(sp)
 
         mulq    $hi0,$bi,$lo0
         umulh   $hi0,$bi,$hi0
@@ -195,10 +199,10 @@ bn_mul_mont:
         .set    noreorder
         ldq     $tj,8($tp)      #L0
         nop                     #U1
-        ldq     $aj,($aj)       #L1
+        ldq     $aj,0($aj)      #L1
         s8addq  $j,$np,$nj      #U0
 
-        ldq     $nj,($nj)       #L0
+        ldq     $nj,0($nj)      #L0
         nop                     #U1
         addq    $alo,$hi0,$lo0  #L1
         lda     $tp,8($tp)
@@ -247,7 +251,7 @@ bn_mul_mont:
         addq    $hi1,v0,$hi1
 
         addq    $hi1,$hi0,$lo1
-        stq     $j,($tp)
+        stq     $j,0($tp)
         cmpult  $lo1,$hi0,$hi1
         addq    $lo1,$tj,$lo1
         cmpult  $lo1,$tj,AT
@@ -265,8 +269,8 @@ bn_mul_mont:
         mov     0,$hi0          # clear borrow bit
 
 .align  4
-.Lsub:  ldq     $lo0,($tp)
-        ldq     $lo1,($np)
+.Lsub:  ldq     $lo0,0($tp)
+        ldq     $lo1,0($np)
         lda     $tp,8($tp)
         lda     $np,8($np)
         subq    $lo0,$lo1,$lo1  # tp[i]-np[i]
@@ -274,7 +278,7 @@ bn_mul_mont:
         subq    $lo1,$hi0,$lo0
         cmpult  $lo1,$lo0,$hi0
         or      $hi0,AT,$hi0
-        stq     $lo0,($rp)
+        stq     $lo0,0($rp)
         cmpult  $tp,$tj,v0
         lda     $rp,8($rp)
         bne     v0,.Lsub
@@ -288,7 +292,7 @@ bn_mul_mont:
         bis     $bp,$ap,$ap     # ap=borrow?tp:rp
 
 .align  4
-.Lcopy: ldq     $aj,($ap)       # copy or in-place refresh
+.Lcopy: ldq     $aj,0($ap)      # copy or in-place refresh
         lda     $tp,8($tp)
         lda     $rp,8($rp)
         lda     $ap,8($ap)
@@ -309,8 +313,8 @@ bn_mul_mont:
         lda     sp,48(sp)
         ret     (ra)
 .end    bn_mul_mont
-.rdata
-.asciiz "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.ascii  "Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
+.align  2
 ___
 
 print $code;
diff --git a/src/lib/libssl/src/crypto/bn/asm/s390x-mont.pl b/src/lib/libssl/src/crypto/bn/asm/s390x-mont.pl
index d23251033b..f61246f5b6 100644
--- a/src/lib/libssl/src/crypto/bn/asm/s390x-mont.pl
+++ b/src/lib/libssl/src/crypto/bn/asm/s390x-mont.pl
@@ -69,8 +69,8 @@ bn_mul_mont:
         cghi    $num,16         #
         lghi    %r2,0           #
         blr     %r14            # if($num<16) return 0;
-        cghi    $num,128        #
-        bhr     %r14            # if($num>128) return 0;
+        cghi    $num,96         #
+        bhr     %r14            # if($num>96) return 0;
 
         stmg    %r3,%r15,24($sp)
 
diff --git a/src/lib/libssl/src/crypto/bn/asm/s390x.S b/src/lib/libssl/src/crypto/bn/asm/s390x.S
index 8f45f5d513..43fcb79bc0 100755
--- a/src/lib/libssl/src/crypto/bn/asm/s390x.S
+++ b/src/lib/libssl/src/crypto/bn/asm/s390x.S
@@ -1,4 +1,4 @@
-.ident "s390x.S, version 1.0"
+.ident "s390x.S, version 1.1"
 // ====================================================================
 // Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
 // project.
@@ -24,67 +24,67 @@ bn_mul_add_words:
         bler    %r14            // if (len<=0) return 0;
 
         stmg    %r6,%r10,48(%r15)
+        lghi    %r10,3
         lghi    %r8,0           // carry = 0
-        srag    %r10,%r4,2      // cnt=len/4
-        jz      .Loop1_madd
+        nr      %r10,%r4        // len%4
+        sra     %r4,2           // cnt=len/4
+        jz      .Loop1_madd     // carry is incidentally cleared if branch taken
+        algr    zero,zero       // clear carry
 
 .Loop4_madd:
         lg      %r7,0(%r2,%r3)  // ap[i]
         mlgr    %r6,%r5         // *=w
-        algr    %r7,%r8         // +=carry
+        alcgr   %r7,%r8         // +=carry
         alcgr   %r6,zero
         alg     %r7,0(%r2,%r1)  // +=rp[i]
-        alcgr   %r6,zero
         stg     %r7,0(%r2,%r1)  // rp[i]=
 
         lg      %r9,8(%r2,%r3)
         mlgr    %r8,%r5
-        algr    %r9,%r6
+        alcgr   %r9,%r6
         alcgr   %r8,zero
         alg     %r9,8(%r2,%r1)
-        alcgr   %r8,zero
         stg     %r9,8(%r2,%r1)
 
         lg      %r7,16(%r2,%r3)
         mlgr    %r6,%r5
-        algr    %r7,%r8
+        alcgr   %r7,%r8
         alcgr   %r6,zero
         alg     %r7,16(%r2,%r1)
-        alcgr   %r6,zero
         stg     %r7,16(%r2,%r1)
 
         lg      %r9,24(%r2,%r3)
         mlgr    %r8,%r5
-        algr    %r9,%r6
+        alcgr   %r9,%r6
         alcgr   %r8,zero
         alg     %r9,24(%r2,%r1)
-        alcgr   %r8,zero
         stg     %r9,24(%r2,%r1)
 
         la      %r2,32(%r2)     // i+=4
-        brct    %r10,.Loop4_madd
+        brct    %r4,.Loop4_madd
 
-        lghi    %r10,3
-        nr      %r4,%r10        // cnt=len%4
-        jz      .Lend_madd
+        la      %r10,1(%r10)            // see if len%4 is zero ...
+        brct    %r10,.Loop1_madd        // without touching condition code:-)
+
+.Lend_madd:
+        alcgr   %r8,zero        // collect carry bit
+        lgr     %r2,%r8
+        lmg     %r6,%r10,48(%r15)
+        br      %r14
 
 .Loop1_madd:
         lg      %r7,0(%r2,%r3)  // ap[i]
         mlgr    %r6,%r5         // *=w
-        algr    %r7,%r8         // +=carry
+        alcgr   %r7,%r8         // +=carry
         alcgr   %r6,zero
         alg     %r7,0(%r2,%r1)  // +=rp[i]
-        alcgr   %r6,zero
         stg     %r7,0(%r2,%r1)  // rp[i]=
 
         lgr     %r8,%r6
         la      %r2,8(%r2)      // i++
-        brct    %r4,.Loop1_madd
+        brct    %r10,.Loop1_madd
 
-.Lend_madd:
-        lgr     %r2,%r8
-        lmg     %r6,%r10,48(%r15)
-        br      %r14
+        j       .Lend_madd
 .size   bn_mul_add_words,.-bn_mul_add_words
 
 // BN_ULONG bn_mul_words(BN_ULONG *r2,BN_ULONG *r3,int r4,BN_ULONG r5);
@@ -99,57 +99,57 @@ bn_mul_words:
         bler    %r14            // if (len<=0) return 0;
 
         stmg    %r6,%r10,48(%r15)
+        lghi    %r10,3
         lghi    %r8,0           // carry = 0
-        srag    %r10,%r4,2      // cnt=len/4
-        jz      .Loop1_mul
+        nr      %r10,%r4        // len%4
+        sra     %r4,2           // cnt=len/4
+        jz      .Loop1_mul      // carry is incidentally cleared if branch taken
+        algr    zero,zero       // clear carry
 
 .Loop4_mul:
         lg      %r7,0(%r2,%r3)  // ap[i]
         mlgr    %r6,%r5         // *=w
-        algr    %r7,%r8         // +=carry
-        alcgr   %r6,zero
+        alcgr   %r7,%r8         // +=carry
         stg     %r7,0(%r2,%r1)  // rp[i]=
 
         lg      %r9,8(%r2,%r3)
         mlgr    %r8,%r5
-        algr    %r9,%r6
-        alcgr   %r8,zero
+        alcgr   %r9,%r6
         stg     %r9,8(%r2,%r1)
 
         lg      %r7,16(%r2,%r3)
         mlgr    %r6,%r5
-        algr    %r7,%r8
-        alcgr   %r6,zero
+        alcgr   %r7,%r8
         stg     %r7,16(%r2,%r1)
 
         lg      %r9,24(%r2,%r3)
         mlgr    %r8,%r5
-        algr    %r9,%r6
-        alcgr   %r8,zero
+        alcgr   %r9,%r6
         stg     %r9,24(%r2,%r1)
 
         la      %r2,32(%r2)     // i+=4
-        brct    %r10,.Loop4_mul
+        brct    %r4,.Loop4_mul
 
-        lghi    %r10,3
-        nr      %r4,%r10        // cnt=len%4
-        jz      .Lend_mul
+        la      %r10,1(%r10)            // see if len%4 is zero ...
+        brct    %r10,.Loop1_mul         // without touching condition code:-)
+
+.Lend_mul:
+        alcgr   %r8,zero        // collect carry bit
+        lgr     %r2,%r8
+        lmg     %r6,%r10,48(%r15)
+        br      %r14
 
 .Loop1_mul:
         lg      %r7,0(%r2,%r3)  // ap[i]
         mlgr    %r6,%r5         // *=w
-        algr    %r7,%r8         // +=carry
-        alcgr   %r6,zero
+        alcgr   %r7,%r8         // +=carry
         stg     %r7,0(%r2,%r1)  // rp[i]=
 
         lgr     %r8,%r6
         la      %r2,8(%r2)      // i++
-        brct    %r4,.Loop1_mul
+        brct    %r10,.Loop1_mul
 
-.Lend_mul:
-        lgr     %r2,%r8
-        lmg     %r6,%r10,48(%r15)
-        br      %r14
+        j       .Lend_mul
 .size   bn_mul_words,.-bn_mul_words
 
 // void bn_sqr_words(BN_ULONG *r2,BN_ULONG *r2,int r4)
diff --git a/src/lib/libssl/src/crypto/bn/bn_gf2m.c b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
index 527b0fa15b..432a3aa338 100644
--- a/src/lib/libssl/src/crypto/bn/bn_gf2m.c
+++ b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
@@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 {
                 while (!BN_is_odd(u))
                         {
+                        if (BN_is_zero(u)) goto err;
                         if (!BN_rshift1(u, u)) goto err;
                         if (BN_is_odd(b))
                                 {
diff --git a/src/lib/libssl/src/crypto/bn/bn_nist.c b/src/lib/libssl/src/crypto/bn/bn_nist.c
index 2ca5b01391..c6de032696 100644
--- a/src/lib/libssl/src/crypto/bn/bn_nist.c
+++ b/src/lib/libssl/src/crypto/bn/bn_nist.c
@@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  buf[BN_NIST_192_TOP],
                  c_d[BN_NIST_192_TOP],
                 *res;
-        size_t   mask;
+        PTR_SIZE_INT mask;
         static const BIGNUM _bignum_nist_p_192_sqr = {
                 (BN_ULONG *)_nist_p_192_sqr,
                 sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
@@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
          * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
          * this is what happens below, but without explicit if:-) a.
          */
-        mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
-        mask &= 0-(size_t)carry;
-        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+        mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+        mask &= 0-(PTR_SIZE_INT)carry;
+        res   = (BN_ULONG *)
+         (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_192_TOP);
         r->top = BN_NIST_192_TOP;
         bn_correct_top(r);
@@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  buf[BN_NIST_224_TOP],
                  c_d[BN_NIST_224_TOP],
                 *res;
-        size_t   mask;
-        union { bn_addsub_f f; size_t p; } u;
+        PTR_SIZE_INT mask;
+        union { bn_addsub_f f; PTR_SIZE_INT p; } u;
         static const BIGNUM _bignum_nist_p_224_sqr = {
                 (BN_ULONG *)_nist_p_224_sqr,
                 sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
@@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  * to be compared to the modulus and conditionally
                  * adjusted by *subtracting* the latter. */
                 carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
-                mask = 0-(size_t)carry;
-                u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+                mask = 0-(PTR_SIZE_INT)carry;
+                u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+                 ((PTR_SIZE_INT)bn_add_words&~mask);
                 }
         else
                 carry = 1;
 
         /* otherwise it's effectively same as in BN_nist_mod_192... */
-        mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
-        mask &= 0-(size_t)carry;
-        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+        mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+        mask &= 0-(PTR_SIZE_INT)carry;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+         ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_224_TOP);
         r->top = BN_NIST_224_TOP;
         bn_correct_top(r);
@@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  buf[BN_NIST_256_TOP],
                  c_d[BN_NIST_256_TOP],
                 *res;
-        size_t   mask;
-        union { bn_addsub_f f; size_t p; } u;
+        PTR_SIZE_INT mask;
+        union { bn_addsub_f f; PTR_SIZE_INT p; } u;
         static const BIGNUM _bignum_nist_p_256_sqr = {
                 (BN_ULONG *)_nist_p_256_sqr,
                 sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
@@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         else if (carry < 0)
                 {
                 carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
-                mask = 0-(size_t)carry;
-                u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+                mask = 0-(PTR_SIZE_INT)carry;
+                u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+                 ((PTR_SIZE_INT)bn_add_words&~mask);
                 }
         else
                 carry = 1;
 
-        mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
-        mask &= 0-(size_t)carry;
-        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+        mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+        mask &= 0-(PTR_SIZE_INT)carry;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+         ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_256_TOP);
         r->top = BN_NIST_256_TOP;
         bn_correct_top(r);
@@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                  buf[BN_NIST_384_TOP],
                  c_d[BN_NIST_384_TOP],
                 *res;
-        size_t   mask;
-        union { bn_addsub_f f; size_t p; } u;
+        PTR_SIZE_INT mask;
+        union { bn_addsub_f f; PTR_SIZE_INT p; } u;
         static const BIGNUM _bignum_nist_p_384_sqr = {
                 (BN_ULONG *)_nist_p_384_sqr,
                 sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
@@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         else if (carry < 0)
                 {
                 carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
-                mask = 0-(size_t)carry;
-                u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+                mask = 0-(PTR_SIZE_INT)carry;
+                u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+                 ((PTR_SIZE_INT)bn_add_words&~mask);
                 }
         else
                 carry = 1;
 
-        mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
-        mask &= 0-(size_t)carry;
-        res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+        mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+        mask &= 0-(PTR_SIZE_INT)carry;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+         ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_384_TOP);
         r->top = BN_NIST_384_TOP;
         bn_correct_top(r);
@@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         BN_ULONG *r_d, *a_d = a->d,
                  t_d[BN_NIST_521_TOP],
                  val,tmp,*res;
-        size_t  mask;
+        PTR_SIZE_INT mask;
         static const BIGNUM _bignum_nist_p_521_sqr = {
                 (BN_ULONG *)_nist_p_521_sqr,
                 sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
@@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         r_d[i] &= BN_NIST_521_TOP_MASK;
 
         bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
-        mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-        res  = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+        mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+        res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+         ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d,res,BN_NIST_521_TOP);
         r->top = BN_NIST_521_TOP;
         bn_correct_top(r);
diff --git a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c
index 4ce91e20c6..e2df54fec6 100644
--- a/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/dsa/dsa_pmeth.c
@@ -187,6 +187,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 case EVP_PKEY_CTRL_MD:
                 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
                     EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
+                    EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA    &&
                     EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
                     EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
                         {
diff --git a/src/lib/libssl/src/crypto/ec/ec2_mult.c b/src/lib/libssl/src/crypto/ec/ec2_mult.c
index ab631a50a2..e12b9b284a 100644
--- a/src/lib/libssl/src/crypto/ec/ec2_mult.c
+++ b/src/lib/libssl/src/crypto/ec/ec2_mult.c
@@ -319,6 +319,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         int ret = 0;
         size_t i;
         EC_POINT *p=NULL;
+        EC_POINT *acc = NULL;
 
         if (ctx == NULL)
                 {
@@ -338,15 +339,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                 }
 
         if ((p = EC_POINT_new(group)) == NULL) goto err;
+        if ((acc = EC_POINT_new(group)) == NULL) goto err;
 
-        if (!EC_POINT_set_to_infinity(group, r)) goto err;
+        if (!EC_POINT_set_to_infinity(group, acc)) goto err;
 
         if (scalar)
                 {
                 if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
-                if (BN_is_negative(scalar)) 
+                if (BN_is_negative(scalar))
                         if (!group->meth->invert(group, p, ctx)) goto err;
-                if (!group->meth->add(group, r, r, p, ctx)) goto err;
+                if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
                 }
 
         for (i = 0; i < num; i++)
@@ -354,13 +356,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                 if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
                 if (BN_is_negative(scalars[i]))
                         if (!group->meth->invert(group, p, ctx)) goto err;
-                if (!group->meth->add(group, r, r, p, ctx)) goto err;
+                if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
                 }
 
+        if (!EC_POINT_copy(r, acc)) goto err;
+
         ret = 1;
 
   err:
         if (p) EC_POINT_free(p);
+        if (acc) EC_POINT_free(acc);
         if (new_ctx != NULL)
                 BN_CTX_free(new_ctx);
         return ret;
diff --git a/src/lib/libssl/src/crypto/ec/ec2_smpl.c b/src/lib/libssl/src/crypto/ec/ec2_smpl.c
index cf357b462a..af94458ca7 100644
--- a/src/lib/libssl/src/crypto/ec/ec2_smpl.c
+++ b/src/lib/libssl/src/crypto/ec/ec2_smpl.c
@@ -937,6 +937,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
                 {
                 return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
                 }
+
+        if (EC_POINT_is_at_infinity(group, b))
+                return 1;
         
         if (a->Z_is_one && b->Z_is_one)
                 {
diff --git a/src/lib/libssl/src/crypto/ec/ec_key.c b/src/lib/libssl/src/crypto/ec/ec_key.c
index 12fb0e6d6d..522802c07a 100644
--- a/src/lib/libssl/src/crypto/ec/ec_key.c
+++ b/src/lib/libssl/src/crypto/ec/ec_key.c
@@ -304,7 +304,13 @@ int EC_KEY_check_key(const EC_KEY *eckey)
                 ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
                 return 0;
                 }
-        
+
+        if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
+                {
+                ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+                goto err;
+                }
+
         if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
         if ((point = EC_POINT_new(eckey->group)) == NULL)
diff --git a/src/lib/libssl/src/crypto/ecdh/ech_lib.c b/src/lib/libssl/src/crypto/ecdh/ech_lib.c
index e89b1d4772..4d8ea03d3d 100644
--- a/src/lib/libssl/src/crypto/ecdh/ech_lib.c
+++ b/src/lib/libssl/src/crypto/ecdh/ech_lib.c
@@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void)
 
 int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
         {
-        const ECDH_METHOD *mtmp;
         ECDH_DATA *ecdh;
 
         ecdh = ecdh_check(eckey);
@@ -104,8 +103,8 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
         if (ecdh == NULL)
                 return 0;
 
-        mtmp = ecdh->meth;
 #if 0
+        mtmp = ecdh->meth;
         if (mtmp->finish)
                 mtmp->finish(eckey);
 #endif
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecdsatest.c b/src/lib/libssl/src/crypto/ecdsa/ecdsatest.c
index aa4e1481a8..26a4a9ee7c 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecdsatest.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecdsatest.c
@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
                 return 0;
                 }
         fbytes_counter ++;
-        ret = BN_bn2bin(tmp, buf);      
-        if (ret == 0 || ret != num)
+        if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
                 ret = 0;
-        else
+        else 
                 ret = 1;
         if (tmp)
                 BN_free(tmp);
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
index 85e8a3a7ed..2ebae3aa27 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_lib.c
@@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
 
 int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
 {
-        const ECDSA_METHOD *mtmp;
         ECDSA_DATA *ecdsa;
 
         ecdsa = ecdsa_check(eckey);
@@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
         if (ecdsa == NULL)
                 return 0;
 
-        mtmp = ecdsa->meth;
 #ifndef OPENSSL_NO_ENGINE
         if (ecdsa->engine)
         {
diff --git a/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c b/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c
index 551cf5068f..1bbf328de5 100644
--- a/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libssl/src/crypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                         }
                 while (BN_is_zero(k));
 
+                /* We do not want timing information to leak the length of k,
+                 * so we compute G*k using an equivalent scalar of fixed
+                 * bit-length. */
+
+                if (!BN_add(k, k, order)) goto err;
+                if (BN_num_bits(k) <= BN_num_bits(order))
+                        if (!BN_add(k, k, order)) goto err;
+
                 /* compute r the x-coordinate of generator * k */
                 if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
                 {
diff --git a/src/lib/libssl/src/crypto/evp/m_sigver.c b/src/lib/libssl/src/crypto/evp/m_sigver.c
index f0b7f95059..7e2731f4a4 100644
--- a/src/lib/libssl/src/crypto/evp/m_sigver.c
+++ b/src/lib/libssl/src/crypto/evp/m_sigver.c
@@ -137,7 +137,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
                 sctx = 0;
         if (sigret)
                 {
-                MS_STATIC EVP_MD_CTX tmp_ctx;
+                EVP_MD_CTX tmp_ctx;
                 unsigned char md[EVP_MAX_MD_SIZE];
                 unsigned int mdlen;
                 EVP_MD_CTX_init(&tmp_ctx);
@@ -173,7 +173,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen)
 
 int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen)
         {
-        MS_STATIC EVP_MD_CTX tmp_ctx;
+        EVP_MD_CTX tmp_ctx;
         unsigned char md[EVP_MAX_MD_SIZE];
         int r;
         unsigned int mdlen;
diff --git a/src/lib/libssl/src/crypto/evp/pmeth_lib.c b/src/lib/libssl/src/crypto/evp/pmeth_lib.c
index b2d8de3a8d..5481d4b8a5 100644
--- a/src/lib/libssl/src/crypto/evp/pmeth_lib.c
+++ b/src/lib/libssl/src/crypto/evp/pmeth_lib.c
@@ -134,6 +134,8 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
                 id = pkey->ameth->pkey_id;
                 }
 #ifndef OPENSSL_NO_ENGINE
+        if (pkey && pkey->engine)
+                e = pkey->engine;
         /* Try to find an ENGINE which implements this method */
         if (e)
                 {
diff --git a/src/lib/libssl/src/crypto/hmac/hm_pmeth.c b/src/lib/libssl/src/crypto/hmac/hm_pmeth.c
index 985921ca1a..71e8567a14 100644
--- a/src/lib/libssl/src/crypto/hmac/hm_pmeth.c
+++ b/src/lib/libssl/src/crypto/hmac/hm_pmeth.c
@@ -147,6 +147,8 @@ static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
 
 static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
         {
+        HMAC_PKEY_CTX *hctx = ctx->data;
+        HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
         EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
         mctx->update = int_update;
         return 1;
diff --git a/src/lib/libssl/src/crypto/jpake/jpake.c b/src/lib/libssl/src/crypto/jpake/jpake.c
index 086d9f47e0..8e4b633ccc 100644
--- a/src/lib/libssl/src/crypto/jpake/jpake.c
+++ b/src/lib/libssl/src/crypto/jpake/jpake.c
@@ -282,8 +282,37 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
     return 1;
     }
 
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+    {
+    BIGNUM *t;
+    int res;
+    
+    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+        return 0;
+
+    t = BN_new();
+    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+    res = BN_is_one(t);
+    BN_free(t);
+
+    return res;
+    }
+
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
     {
+    if(!is_legal(received->p1.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+        return 0;
+        }
+
+    if(!is_legal(received->p2.gx, ctx))
+        {
+        JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+        return 0;
+        }
+
    /* verify their ZKP(xc) */
     if(!verify_zkp(&received->p1, ctx->p.g, ctx))
         {
diff --git a/src/lib/libssl/src/crypto/jpake/jpake.h b/src/lib/libssl/src/crypto/jpake/jpake.h
index 693ea188cb..fd143b4d9b 100644
--- a/src/lib/libssl/src/crypto/jpake/jpake.h
+++ b/src/lib/libssl/src/crypto/jpake/jpake.h
@@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP                               100
 
 /* Reason codes. */
+#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL                 108
+#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL                 109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE                       105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH             106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH                     107
diff --git a/src/lib/libssl/src/crypto/jpake/jpake_err.c b/src/lib/libssl/src/crypto/jpake/jpake_err.c
index 1b95067967..a9a9dee75c 100644
--- a/src/lib/libssl/src/crypto/jpake/jpake_err.c
+++ b/src/lib/libssl/src/crypto/jpake/jpake_err.c
@@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 
 static ERR_STRING_DATA JPAKE_str_reasons[]=
         {
+{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
+{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
diff --git a/src/lib/libssl/src/crypto/pem/pvkfmt.c b/src/lib/libssl/src/crypto/pem/pvkfmt.c
index d998a67fa5..5f130c4528 100644
--- a/src/lib/libssl/src/crypto/pem/pvkfmt.c
+++ b/src/lib/libssl/src/crypto/pem/pvkfmt.c
@@ -662,7 +662,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
                 
         {
         const unsigned char *p = *in;
-        unsigned int pvk_magic, keytype, is_encrypted;
+        unsigned int pvk_magic, is_encrypted;
         if (skip_magic)
                 {
                 if (length < 20)
@@ -689,7 +689,7 @@ static int do_PVK_header(const unsigned char **in, unsigned int length,
                 }
         /* Skip reserved */
         p += 4;
-        keytype = read_ledword(&p);
+        /*keytype = */read_ledword(&p);
         is_encrypted = read_ledword(&p);
         *psaltlen = read_ledword(&p);
         *pkeylen = read_ledword(&p);
@@ -839,7 +839,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
 static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
                 pem_password_cb *cb, void *u)
         {
-        int outlen = 24, noinc, pklen;
+        int outlen = 24, pklen;
         unsigned char *p, *salt = NULL;
         if (enclevel)
                 outlen += PVK_SALTLEN;
@@ -850,10 +850,7 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
         if (!out)
                 return outlen;
         if (*out)
-                {
                 p = *out;
-                noinc = 0;
-                }
         else
                 {
                 p = OPENSSL_malloc(outlen);
@@ -863,7 +860,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
                         return -1;
                         }
                 *out = p;
-                noinc = 1;
                 }
 
         write_ledword(&p, MS_PVKMAGIC);
diff --git a/src/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl b/src/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl
index 354673acc1..e47116b74b 100755
--- a/src/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl
+++ b/src/lib/libssl/src/crypto/perlasm/x86_64-xlate.pl
@@ -167,7 +167,7 @@ my %globals;
             } elsif ($self->{op} =~ /^(pop|push)f/) {
                 $self->{op} .= $self->{sz};
             } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") {
-                $self->{op} = "ALIGN\t8\n\tDQ";
+                $self->{op} = "\tDQ";
             } 
             $self->{op};
         }
@@ -545,6 +545,8 @@ my %globals;
                                         if ($line=~/\.([px])data/) {
                                             $v.=" rdata align=";
                                             $v.=$1 eq "p"? 4 : 8;
+                                        } elsif ($line=~/\.CRT\$/i) {
+                                            $v.=" rdata align=8";
                                         }
                                     } else {
                                         $v="$current_segment\tENDS\n" if ($current_segment);
@@ -552,6 +554,8 @@ my %globals;
                                         if ($line=~/\.([px])data/) {
                                             $v.=" READONLY";
                                             $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref);
+                                        } elsif ($line=~/\.CRT\$/i) {
+                                            $v.=" READONLY DWORD";
                                         }
                                     }
                                     $current_segment = $line;
diff --git a/src/lib/libssl/src/crypto/pqueue/pqueue.c b/src/lib/libssl/src/crypto/pqueue/pqueue.c
index 99a6fb874d..eab13a1250 100644
--- a/src/lib/libssl/src/crypto/pqueue/pqueue.c
+++ b/src/lib/libssl/src/crypto/pqueue/pqueue.c
@@ -167,14 +167,13 @@ pqueue_pop(pqueue_s *pq)
 pitem *
 pqueue_find(pqueue_s *pq, unsigned char *prio64be)
         {
-        pitem *next, *prev = NULL;
+        pitem *next;
         pitem *found = NULL;
 
         if ( pq->items == NULL)
                 return NULL;
 
-        for ( next = pq->items; next->next != NULL; 
-                  prev = next, next = next->next)
+        for ( next = pq->items; next->next != NULL; next = next->next)
                 {
                 if ( memcmp(next->priority, prio64be,8) == 0)
                         {
diff --git a/src/lib/libssl/src/crypto/rand/rand_nw.c b/src/lib/libssl/src/crypto/rand/rand_nw.c
index f177ffbe82..8d5b8d2e32 100644
--- a/src/lib/libssl/src/crypto/rand/rand_nw.c
+++ b/src/lib/libssl/src/crypto/rand/rand_nw.c
@@ -160,8 +160,8 @@ int RAND_poll(void)
          rdtsc
          mov tsc, eax        
       }
-#else
-      asm volatile("rdtsc":"=A" (tsc));
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+      asm volatile("rdtsc":"=a"(tsc)::"edx");
 #endif
 
       RAND_add(&tsc, sizeof(tsc), 1);
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
index 88861af641..6e65fe3e01 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-armv4-large.pl
@@ -37,9 +37,18 @@
 #       modes are limited. As result it takes more instructions to do
 #       the same job in Thumb, therefore the code is never twice as
 #       small and always slower.
-# [***] which is also ~35% better than compiler generated code.
+# [***] which is also ~35% better than compiler generated code. Dual-
+#       issue Cortex A8 core was measured to process input block in
+#       ~990 cycles.
 
-$output=shift;
+# August 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 13% improvement on
+# Cortex A8 core and in absolute terms ~870 cycles per input block
+# [or 13.6 cycles per byte].
+
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $ctx="r0";
@@ -58,43 +67,22 @@ $t3="r12";
 $Xi="r14";
 @V=($a,$b,$c,$d,$e);
 
-# One can optimize this for aligned access on big-endian architecture,
-# but code's endian neutrality makes it too pretty:-)
-sub Xload {
-my ($a,$b,$c,$d,$e)=@_;
-$code.=<<___;
-        ldrb    $t0,[$inp],#4
-        ldrb    $t1,[$inp,#-3]
-        ldrb    $t2,[$inp,#-2]
-        ldrb    $t3,[$inp,#-1]
-        add     $e,$K,$e,ror#2                  @ E+=K_00_19
-        orr     $t0,$t1,$t0,lsl#8
-        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
-        orr     $t0,$t2,$t0,lsl#8
-        eor     $t1,$c,$d                       @ F_xx_xx
-        orr     $t0,$t3,$t0,lsl#8
-        add     $e,$e,$t0                       @ E+=X[i]
-        str     $t0,[$Xi,#-4]!
-___
-}
 sub Xupdate {
-my ($a,$b,$c,$d,$e,$flag)=@_;
+my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_;
 $code.=<<___;
         ldr     $t0,[$Xi,#15*4]
         ldr     $t1,[$Xi,#13*4]
         ldr     $t2,[$Xi,#7*4]
-        ldr     $t3,[$Xi,#2*4]
         add     $e,$K,$e,ror#2                  @ E+=K_xx_xx
+        ldr     $t3,[$Xi,#2*4]
         eor     $t0,$t0,$t1
-        eor     $t0,$t0,$t2
-        eor     $t0,$t0,$t3
-        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
-___
-$code.=<<___ if (!defined($flag));
-        eor     $t1,$c,$d                       @ F_xx_xx, but not in 40_59
-___
-$code.=<<___;
+        eor     $t2,$t2,$t3
+        eor     $t1,$c,$d                       @ F_xx_xx
         mov     $t0,$t0,ror#31
+        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
+        eor     $t0,$t0,$t2,ror#31
+        $opt1                                   @ F_xx_xx
+        $opt2                                   @ F_xx_xx
         add     $e,$e,$t0                       @ E+=X[i]
         str     $t0,[$Xi,#-4]!
 ___
@@ -102,19 +90,29 @@ ___
 
 sub BODY_00_15 {
 my ($a,$b,$c,$d,$e)=@_;
-        &Xload(@_);
 $code.=<<___;
+        ldrb    $t0,[$inp],#4
+        ldrb    $t1,[$inp,#-1]
+        ldrb    $t2,[$inp,#-2]
+        add     $e,$K,$e,ror#2                  @ E+=K_00_19
+        ldrb    $t3,[$inp,#-3]
+        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
+        orr     $t0,$t1,$t0,lsl#24
+        eor     $t1,$c,$d                       @ F_xx_xx
+        orr     $t0,$t0,$t2,lsl#8
+        orr     $t0,$t0,$t3,lsl#16
         and     $t1,$b,$t1,ror#2
+        add     $e,$e,$t0                       @ E+=X[i]
         eor     $t1,$t1,$d,ror#2                @ F_00_19(B,C,D)
+        str     $t0,[$Xi,#-4]!
         add     $e,$e,$t1                       @ E+=F_00_19(B,C,D)
 ___
 }
 
 sub BODY_16_19 {
 my ($a,$b,$c,$d,$e)=@_;
-        &Xupdate(@_);
+        &Xupdate(@_,"and $t1,$b,$t1,ror#2");
 $code.=<<___;
-        and     $t1,$b,$t1,ror#2
         eor     $t1,$t1,$d,ror#2                @ F_00_19(B,C,D)
         add     $e,$e,$t1                       @ E+=F_00_19(B,C,D)
 ___
@@ -122,22 +120,18 @@ ___
 
 sub BODY_20_39 {
 my ($a,$b,$c,$d,$e)=@_;
-        &Xupdate(@_);
+        &Xupdate(@_,"eor $t1,$b,$t1,ror#2");
 $code.=<<___;
-        eor     $t1,$b,$t1,ror#2                @ F_20_39(B,C,D)
         add     $e,$e,$t1                       @ E+=F_20_39(B,C,D)
 ___
 }
 
 sub BODY_40_59 {
 my ($a,$b,$c,$d,$e)=@_;
-        &Xupdate(@_,1);
+        &Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d");
 $code.=<<___;
-        and     $t1,$b,$c,ror#2
-        orr     $t2,$b,$c,ror#2
-        and     $t2,$t2,$d,ror#2
-        orr     $t1,$t1,$t2                     @ F_40_59(B,C,D)
         add     $e,$e,$t1                       @ E+=F_40_59(B,C,D)
+        add     $e,$e,$t2,ror#2
 ___
 }
 
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl
index 8306fc88cc..5c161cecd6 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9.pl
@@ -276,6 +276,7 @@ $code.=<<___;
 .type   sha1_block_data_order,#function
 .size   sha1_block_data_order,(.-sha1_block_data_order)
 .asciz  "SHA1 block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align  4
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
index 15eb854bad..85e8d68086 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha1-sparcv9a.pl
@@ -539,6 +539,7 @@ $code.=<<___;
 .type   sha1_block_data_order,#function
 .size   sha1_block_data_order,(.-sha1_block_data_order)
 .asciz  "SHA1 block transform for SPARCv9a, CRYPTOGAMS by <appro\@openssl.org>"
+.align  4
 ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl b/src/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl
index 48d846deec..492cb62bc0 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha256-armv4.pl
@@ -11,9 +11,14 @@
 
 # Performance is ~2x better than gcc 3.4 generated code and in "abso-
 # lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per
-# byte.
+# byte [on single-issue Xscale PXA250 core].
 
-$output=shift;
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 22% improvement on
+# Cortex A8 core and ~20 cycles per processed byte.
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $ctx="r0";      $t0="r0";
@@ -52,27 +57,27 @@ $code.=<<___ if ($i<16);
 ___
 $code.=<<___;
         ldr     $t2,[$Ktbl],#4                  @ *K256++
-        str     $T1,[sp,#`$i%16`*4]
         mov     $t0,$e,ror#$Sigma1[0]
+        str     $T1,[sp,#`$i%16`*4]
         eor     $t0,$t0,$e,ror#$Sigma1[1]
-        eor     $t0,$t0,$e,ror#$Sigma1[2]       @ Sigma1(e)
-        add     $T1,$T1,$t0
         eor     $t1,$f,$g
+        eor     $t0,$t0,$e,ror#$Sigma1[2]       @ Sigma1(e)
         and     $t1,$t1,$e
+        add     $T1,$T1,$t0
         eor     $t1,$t1,$g                      @ Ch(e,f,g)
-        add     $T1,$T1,$t1
         add     $T1,$T1,$h
-        add     $T1,$T1,$t2
         mov     $h,$a,ror#$Sigma0[0]
+        add     $T1,$T1,$t1
         eor     $h,$h,$a,ror#$Sigma0[1]
+        add     $T1,$T1,$t2
         eor     $h,$h,$a,ror#$Sigma0[2]         @ Sigma0(a)
         orr     $t0,$a,$b
-        and     $t0,$t0,$c
         and     $t1,$a,$b
+        and     $t0,$t0,$c
+        add     $h,$h,$T1
         orr     $t0,$t0,$t1                     @ Maj(a,b,c)
-        add     $h,$h,$t0
         add     $d,$d,$T1
-        add     $h,$h,$T1
+        add     $h,$h,$t0
 ___
 }
 
@@ -80,19 +85,19 @@ sub BODY_16_XX {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 
 $code.=<<___;
-        ldr     $t1,[sp,#`($i+1)%16`*4] @ $i
+        ldr     $t1,[sp,#`($i+1)%16`*4]         @ $i
         ldr     $t2,[sp,#`($i+14)%16`*4]
         ldr     $T1,[sp,#`($i+0)%16`*4]
-        ldr     $inp,[sp,#`($i+9)%16`*4]
         mov     $t0,$t1,ror#$sigma0[0]
+        ldr     $inp,[sp,#`($i+9)%16`*4]
         eor     $t0,$t0,$t1,ror#$sigma0[1]
         eor     $t0,$t0,$t1,lsr#$sigma0[2]      @ sigma0(X[i+1])
         mov     $t1,$t2,ror#$sigma1[0]
+        add     $T1,$T1,$t0
         eor     $t1,$t1,$t2,ror#$sigma1[1]
+        add     $T1,$T1,$inp
         eor     $t1,$t1,$t2,lsr#$sigma1[2]      @ sigma1(X[i+14])
-        add     $T1,$T1,$t0
         add     $T1,$T1,$t1
-        add     $T1,$T1,$inp
 ___
         &BODY_00_15(@_);
 }
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl
index 4fbb94a914..3a35861ac6 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha512-armv4.pl
@@ -10,7 +10,13 @@
 # SHA512 block procedure for ARMv4. September 2007.
 
 # This code is ~4.5 (four and a half) times faster than code generated
-# by gcc 3.4 and it spends ~72 clock cycles per byte. 
+# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue
+# Xscale PXA250 core].
+#
+# July 2010.
+#
+# Rescheduling for dual-issue pipeline resulted in 6% improvement on
+# Cortex A8 core and ~40 cycles per processed byte.
 
 # Byte order [in]dependence. =========================================
 #
@@ -22,7 +28,7 @@ $hi=0;
 $lo=4;
 # ====================================================================
 
-$output=shift;
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $ctx="r0";
@@ -73,33 +79,31 @@ $code.=<<___;
         eor     $t0,$t0,$Elo,lsl#23
         eor     $t1,$t1,$Ehi,lsl#23     @ Sigma1(e)
         adds    $Tlo,$Tlo,$t0
-        adc     $Thi,$Thi,$t1           @ T += Sigma1(e)
-        adds    $Tlo,$Tlo,$t2
-        adc     $Thi,$Thi,$t3           @ T += h
-
         ldr     $t0,[sp,#$Foff+0]       @ f.lo
+        adc     $Thi,$Thi,$t1           @ T += Sigma1(e)
         ldr     $t1,[sp,#$Foff+4]       @ f.hi
+        adds    $Tlo,$Tlo,$t2
         ldr     $t2,[sp,#$Goff+0]       @ g.lo
+        adc     $Thi,$Thi,$t3           @ T += h
         ldr     $t3,[sp,#$Goff+4]       @ g.hi
-        str     $Elo,[sp,#$Eoff+0]
-        str     $Ehi,[sp,#$Eoff+4]
-        str     $Alo,[sp,#$Aoff+0]
-        str     $Ahi,[sp,#$Aoff+4]
 
         eor     $t0,$t0,$t2
+        str     $Elo,[sp,#$Eoff+0]
         eor     $t1,$t1,$t3
+        str     $Ehi,[sp,#$Eoff+4]
         and     $t0,$t0,$Elo
+        str     $Alo,[sp,#$Aoff+0]
         and     $t1,$t1,$Ehi
+        str     $Ahi,[sp,#$Aoff+4]
         eor     $t0,$t0,$t2
-        eor     $t1,$t1,$t3             @ Ch(e,f,g)
-
         ldr     $t2,[$Ktbl,#4]          @ K[i].lo
+        eor     $t1,$t1,$t3             @ Ch(e,f,g)
         ldr     $t3,[$Ktbl,#0]          @ K[i].hi
-        ldr     $Elo,[sp,#$Doff+0]      @ d.lo
-        ldr     $Ehi,[sp,#$Doff+4]      @ d.hi
 
         adds    $Tlo,$Tlo,$t0
+        ldr     $Elo,[sp,#$Doff+0]      @ d.lo
         adc     $Thi,$Thi,$t1           @ T += Ch(e,f,g)
+        ldr     $Ehi,[sp,#$Doff+4]      @ d.hi
         adds    $Tlo,$Tlo,$t2
         adc     $Thi,$Thi,$t3           @ T += K[i]
         adds    $Elo,$Elo,$Tlo
diff --git a/src/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl b/src/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl
index 54241aab50..ec5d78135e 100644
--- a/src/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl
+++ b/src/lib/libssl/src/crypto/sha/asm/sha512-sparcv9.pl
@@ -586,6 +586,7 @@ $code.=<<___;
 .type   sha${label}_block_data_order,#function
 .size   sha${label}_block_data_order,(.-sha${label}_block_data_order)
 .asciz  "SHA${label} block transform for SPARCv9, CRYPTOGAMS by <appro\@openssl.org>"
+.align  4
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
diff --git a/src/lib/libssl/src/crypto/sparccpuid.S b/src/lib/libssl/src/crypto/sparccpuid.S
index aa8b11efc9..ae61f7f5ce 100644
--- a/src/lib/libssl/src/crypto/sparccpuid.S
+++ b/src/lib/libssl/src/crypto/sparccpuid.S
@@ -225,13 +225,95 @@ _sparcv9_rdtick:
         xor     %o0,%o0,%o0
         .word   0x91410000      !rd     %tick,%o0
         retl
-        .word   0x93323020      !srlx   %o2,32,%o1
+        .word   0x93323020      !srlx   %o0,32,%o1
 .notick:
         retl
         xor     %o1,%o1,%o1
 .type   _sparcv9_rdtick,#function
 .size   _sparcv9_rdtick,.-_sparcv9_rdtick
 
+.global _sparcv9_vis1_probe
+.align  8
+_sparcv9_vis1_probe:
+        .word   0x81b00d80      !fxor   %f0,%f0,%f0
+        add     %sp,BIAS+2,%o1
+        retl
+        .word   0xc19a5a40      !ldda   [%o1]ASI_FP16_P,%f0
+.type   _sparcv9_vis1_probe,#function
+.size   _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
+
+! Probe and instrument VIS1 instruction. Output is number of cycles it
+! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit
+! is slow (documented to be 6 cycles on T2) and the core is in-order
+! single-issue, it should be possible to distinguish Tx reliably...
+! Observed return values are:
+!
+!       UltraSPARC IIe          7
+!       UltraSPARC III          7
+!       UltraSPARC T1           24
+!
+! Numbers for T2 and SPARC64 V-VII are more than welcomed.
+!
+! It would be possible to detect specifically US-T1 by instrumenting
+! fmul8ulx16, which is emulated on T1 and as such accounts for quite
+! a lot of %tick-s, couple of thousand on Linux...
+.global _sparcv9_vis1_instrument
+.align  8
+_sparcv9_vis1_instrument:
+        .word   0x91410000      !rd     %tick,%o0
+        .word   0x81b00d80      !fxor   %f0,%f0,%f0
+        .word   0x85b08d82      !fxor   %f2,%f2,%f2
+        .word   0x93410000      !rd     %tick,%o1
+        .word   0x81b00d80      !fxor   %f0,%f0,%f0
+        .word   0x85b08d82      !fxor   %f2,%f2,%f2
+        .word   0x95410000      !rd     %tick,%o2
+        .word   0x81b00d80      !fxor   %f0,%f0,%f0
+        .word   0x85b08d82      !fxor   %f2,%f2,%f2
+        .word   0x97410000      !rd     %tick,%o3
+        .word   0x81b00d80      !fxor   %f0,%f0,%f0
+        .word   0x85b08d82      !fxor   %f2,%f2,%f2
+        .word   0x99410000      !rd     %tick,%o4
+
+        ! calculate intervals
+        sub     %o1,%o0,%o0
+        sub     %o2,%o1,%o1
+        sub     %o3,%o2,%o2
+        sub     %o4,%o3,%o3
+
+        ! find minumum value
+        cmp     %o0,%o1
+        .word   0x38680002      !bgu,a  %xcc,.+8
+        mov     %o1,%o0
+        cmp     %o0,%o2
+        .word   0x38680002      !bgu,a  %xcc,.+8
+        mov     %o2,%o0
+        cmp     %o0,%o3
+        .word   0x38680002      !bgu,a  %xcc,.+8
+        mov     %o3,%o0
+
+        retl
+        nop
+.type   _sparcv9_vis1_instrument,#function
+.size   _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument
+
+.global _sparcv9_vis2_probe
+.align  8
+_sparcv9_vis2_probe:
+        retl
+        .word   0x81b00980      !bshuffle       %f0,%f0,%f0
+.type   _sparcv9_vis2_probe,#function
+.size   _sparcv9_vis2_probe,.-_sparcv9_vis2_probe
+
+.global _sparcv9_fmadd_probe
+.align  8
+_sparcv9_fmadd_probe:
+        .word   0x81b00d80      !fxor   %f0,%f0,%f0
+        .word   0x85b08d82      !fxor   %f2,%f2,%f2
+        retl
+        .word   0x81b80440      !fmaddd %f0,%f0,%f2,%f0
+.type   _sparcv9_fmadd_probe,#function
+.size   _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe
+
 .global OPENSSL_cleanse
 .align  32
 OPENSSL_cleanse:
diff --git a/src/lib/libssl/src/crypto/sparcv9cap.c b/src/lib/libssl/src/crypto/sparcv9cap.c
index 5f31d20bd0..ed195ab402 100644
--- a/src/lib/libssl/src/crypto/sparcv9cap.c
+++ b/src/lib/libssl/src/crypto/sparcv9cap.c
@@ -1,6 +1,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <setjmp.h>
+#include <signal.h>
 #include <sys/time.h>
 #include <openssl/bn.h>
 
@@ -9,6 +11,7 @@
 #define SPARCV9_VIS1            (1<<2)
 #define SPARCV9_VIS2            (1<<3)  /* reserved */
 #define SPARCV9_FMADD           (1<<4)  /* reserved for SPARC64 V */
+
 static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED;
 
 int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num)
@@ -23,10 +26,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U
                 return bn_mul_mont_int(rp,ap,bp,np,n0,num);
         }
 
+unsigned long   _sparcv9_rdtick(void);
+void            _sparcv9_vis1_probe(void);
+unsigned long   _sparcv9_vis1_instrument(void);
+void            _sparcv9_vis2_probe(void);
+void            _sparcv9_fmadd_probe(void);
+
 unsigned long OPENSSL_rdtsc(void)
         {
-        unsigned long _sparcv9_rdtick(void);
-
         if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED)
 #if defined(__sun) && defined(__SVR4)
                 return gethrtime();
@@ -37,8 +44,11 @@ unsigned long OPENSSL_rdtsc(void)
                 return _sparcv9_rdtick();
         }
 
-#if defined(__sun) && defined(__SVR4)
-
+#if 0 && defined(__sun) && defined(__SVR4)
+/* This code path is disabled, because of incompatibility of
+ * libdevinfo.so.1 and libmalloc.so.1 (see below for details)
+ */
+#include <malloc.h>
 #include <dlfcn.h>
 #include <libdevinfo.h>
 #include <sys/systeminfo.h>
@@ -110,7 +120,21 @@ void OPENSSL_cpuid_setup(void)
                         return;
                         }
                 }
-
+#ifdef M_KEEP
+        /*
+         * Solaris libdevinfo.so.1 is effectively incomatible with
+         * libmalloc.so.1. Specifically, if application is linked with
+         * -lmalloc, it crashes upon startup with SIGSEGV in
+         * free(3LIBMALLOC) called by di_fini. Prior call to
+         * mallopt(M_KEEP,0) somehow helps... But not always...
+         */
+        if ((h = dlopen(NULL,RTLD_LAZY)))
+                {
+                union { void *p; int (*f)(int,int); } sym;
+                if ((sym.p = dlsym(h,"mallopt"))) (*sym.f)(M_KEEP,0);
+                dlclose(h);
+                }
+#endif
         if ((h = dlopen("libdevinfo.so.1",RTLD_LAZY))) do
                 {
                 di_init_t       di_init;
@@ -137,9 +161,19 @@ void OPENSSL_cpuid_setup(void)
 
 #else
 
+static sigjmp_buf common_jmp;
+static void common_handler(int sig) { siglongjmp(common_jmp,sig); }
+
 void OPENSSL_cpuid_setup(void)
         {
         char *e;
+        struct sigaction        common_act,ill_oact,bus_oact;
+        sigset_t                all_masked,oset;
+        int                     sig;
+        static int trigger=0;
+
+        if (trigger) return;
+        trigger=1;
  
         if ((e=getenv("OPENSSL_sparcv9cap")))
                 {
@@ -147,8 +181,57 @@ void OPENSSL_cpuid_setup(void)
                 return;
                 }
 
-        /* For now we assume that the rest supports UltraSPARC-I* only */
-        OPENSSL_sparcv9cap_P |= SPARCV9_PREFER_FPU|SPARCV9_VIS1;
+        /* Initial value, fits UltraSPARC-I&II... */
+        OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU|SPARCV9_TICK_PRIVILEGED;
+
+        sigfillset(&all_masked);
+        sigdelset(&all_masked,SIGILL);
+        sigdelset(&all_masked,SIGTRAP);
+#ifdef SIGEMT
+        sigdelset(&all_masked,SIGEMT);
+#endif
+        sigdelset(&all_masked,SIGFPE);
+        sigdelset(&all_masked,SIGBUS);
+        sigdelset(&all_masked,SIGSEGV);
+        sigprocmask(SIG_SETMASK,&all_masked,&oset);
+
+        memset(&common_act,0,sizeof(common_act));
+        common_act.sa_handler = common_handler;
+        common_act.sa_mask    = all_masked;
+
+        sigaction(SIGILL,&common_act,&ill_oact);
+        sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */
+
+        if (sigsetjmp(common_jmp,1) == 0)
+                {
+                _sparcv9_rdtick();
+                OPENSSL_sparcv9cap_P &= ~SPARCV9_TICK_PRIVILEGED;
+                }
+
+        if (sigsetjmp(common_jmp,1) == 0)
+                {
+                _sparcv9_vis1_probe();
+                OPENSSL_sparcv9cap_P |= SPARCV9_VIS1;
+                /* detect UltraSPARC-Tx, see sparccpud.S for details... */
+                if (_sparcv9_vis1_instrument() >= 12)
+                        OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU);
+                else
+                        {
+                        _sparcv9_vis2_probe();
+                        OPENSSL_sparcv9cap_P |= SPARCV9_VIS2;
+                        }
+                }
+
+        if (sigsetjmp(common_jmp,1) == 0)
+                {
+                _sparcv9_fmadd_probe();
+                OPENSSL_sparcv9cap_P |= SPARCV9_FMADD;
+                }
+
+        sigaction(SIGBUS,&bus_oact,NULL);
+        sigaction(SIGILL,&ill_oact,NULL);
+
+        sigprocmask(SIG_SETMASK,&oset,NULL);
         }
 
 #endif
diff --git a/src/lib/libssl/src/crypto/ts/ts_verify_ctx.c b/src/lib/libssl/src/crypto/ts/ts_verify_ctx.c
index b079b50fc3..609b7735d4 100644
--- a/src/lib/libssl/src/crypto/ts/ts_verify_ctx.c
+++ b/src/lib/libssl/src/crypto/ts/ts_verify_ctx.c
@@ -56,7 +56,6 @@
  *
  */
 
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/ts.h>
@@ -74,7 +73,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 
 void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
         {
-        assert(ctx != NULL);
+        OPENSSL_assert(ctx != NULL);
         memset(ctx, 0, sizeof(TS_VERIFY_CTX));
         }
 
@@ -116,7 +115,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
         ASN1_OCTET_STRING *msg;
         const ASN1_INTEGER *nonce;
 
-        assert(req != NULL);
+        OPENSSL_assert(req != NULL);
         if (ret)
                 TS_VERIFY_CTX_cleanup(ret);
         else
diff --git a/src/lib/libssl/src/crypto/vms_rms.h b/src/lib/libssl/src/crypto/vms_rms.h
new file mode 100755
index 0000000000..00a00d993f
--- /dev/null
+++ b/src/lib/libssl/src/crypto/vms_rms.h
@@ -0,0 +1,51 @@
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif /* def NAML$C_MAXRSS [else] */
+
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index 92f6b24556..bb9777348f 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -341,9 +341,8 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
                                 const X509_POLICY_CACHE *cache)
         {
         int i;
-        X509_POLICY_LEVEL *last;
         X509_POLICY_DATA *data;
-        last = curr - 1;
+
         for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
                 {
                 data = sk_X509_POLICY_DATA_value(cache->data, i);
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_addr.c b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
index 9087d66e0a..0d70e8696d 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_addr.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_addr.c
@@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
   unsigned char addr[ADDR_RAW_BUF_LEN];
   int i, n;
 
+  if (bs->length < 0)
+    return 0;
   switch (afi) {
   case IANA_AFI_IPV4:
+    if (bs->length > 4)
+      return 0;
     addr_expand(addr, bs, 4, fill);
     BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
     break;
   case IANA_AFI_IPV6:
+    if (bs->length > 16)
+      return 0;
     addr_expand(addr, bs, 16, fill);
     for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
       ;
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_asid.c b/src/lib/libssl/src/crypto/x509v3/v3_asid.c
index 56702f86b9..3f434c0603 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_asid.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_asid.c
@@ -61,7 +61,6 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
 {
   const ASIdOrRange *a = *a_, *b = *b_;
 
-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
          (a->type == ASIdOrRange_range && a->u.range != NULL &&
           a->u.range->min != NULL && a->u.range->max != NULL));
 
-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
          (b->type == ASIdOrRange_range && b->u.range != NULL &&
           b->u.range->min != NULL && b->u.range->max != NULL));
 
@@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
   if (*choice == NULL) {
     if ((*choice = ASIdentifierChoice_new()) == NULL)
       return 0;
-    assert((*choice)->u.inherit == NULL);
+    OPENSSL_assert((*choice)->u.inherit == NULL);
     if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
       return 0;
     (*choice)->type = ASIdentifierChoice_inherit;
@@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
   if (*choice == NULL) {
     if ((*choice = ASIdentifierChoice_new()) == NULL)
       return 0;
-    assert((*choice)->u.asIdsOrRanges == NULL);
+    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
     (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
     if ((*choice)->u.asIdsOrRanges == NULL)
       return 0;
@@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
                             ASN1_INTEGER **min,
                             ASN1_INTEGER **max)
 {
-  assert(aor != NULL && min != NULL && max != NULL);
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
   switch (aor->type) {
   case ASIdOrRange_id:
     *min = aor->u.id;
@@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
   return (asid == NULL ||
-          (ASIdentifierChoice_is_canonical(asid->asnum) ||
+          (ASIdentifierChoice_is_canonical(asid->asnum) &&
            ASIdentifierChoice_is_canonical(asid->rdi)));
 }
 
@@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
   /*
    * We have a list.  Sort it.
    */
-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
   sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
 
   /*
@@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     /*
      * Make sure we're properly sorted (paranoia).
      */
-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
 
     /*
      * Check for overlaps.
@@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     }
   }
 
-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
 
   ret = 1;
 
@@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
   X509 *x;
 
-  assert(chain != NULL && sk_X509_num(chain) > 0);
-  assert(ctx != NULL || ext != NULL);
-  assert(ctx == NULL || ctx->verify_cb != NULL);
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
 
   /*
    * Figure out where to start.  If we don't have an extension to
@@ -724,7 +723,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   } else {
     i = 0;
     x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
     if ((ext = x->rfc3779_asid) == NULL)
       goto done;
   }
@@ -757,7 +756,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
    */
   for (i++; i < sk_X509_num(chain); i++) {
     x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
     if (x->rfc3779_asid == NULL) {
       if (child_as != NULL || child_rdi != NULL)
         validation_err(X509_V_ERR_UNNESTED_RESOURCE);
@@ -800,7 +799,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   /*
    * Trust anchor can't inherit.
    */
-  assert(x != NULL);
+  OPENSSL_assert(x != NULL);
   if (x->rfc3779_asid != NULL) {
     if (x->rfc3779_asid->asnum != NULL &&
         x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
index 689df46acd..a01dc64dd2 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_ncons.c
@@ -189,7 +189,6 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
                         print_nc_ipadd(bp, tree->base->d.ip);
                 else
                         GENERAL_NAME_print(bp, tree->base);
-                tree = sk_GENERAL_SUBTREE_value(trees, i);
                 BIO_puts(bp, "\n");
                 }
         return 1;
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
index 10633da3f2..f93e5fc6c3 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verify.pod
@@ -69,7 +69,7 @@ Verify signature using PKCS#1 and SHA256 digest:
         /* Error */
 
  /* Perform operation */
- ret = EVP_PKEY_verify(ctx, md, mdlen, sig, siglen);
+ ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen);
 
  /* ret == 1 indicates success, 0 verify failure and < 0 for some
   * other error.
diff --git a/src/lib/libssl/src/engines/Makefile b/src/lib/libssl/src/engines/Makefile
index e0242059b7..2fa9534401 100644
--- a/src/lib/libssl/src/engines/Makefile
+++ b/src/lib/libssl/src/engines/Makefile
@@ -114,7 +114,7 @@ install:
                           if [ "$(PLATFORM)" != "Cygwin" ]; then \
                                 case "$(CFLAGS)" in \
                                 *DSO_BEOS*)     sfx=".so";;     \
-                                *DSO_DLFCN*)    sfx=".so";;     \
+                                *DSO_DLFCN*)    sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;;    \
                                 *DSO_DL*)       sfx=".sl";;     \
                                 *DSO_WIN32*)    sfx="eay32.dll"; pfx=;; \
                                 *)              sfx=".bad";;    \
diff --git a/src/lib/libssl/src/engines/ccgost/Makefile b/src/lib/libssl/src/engines/ccgost/Makefile
index 64be962f39..dadb5230ec 100644
--- a/src/lib/libssl/src/engines/ccgost/Makefile
+++ b/src/lib/libssl/src/engines/ccgost/Makefile
@@ -48,7 +48,7 @@ install:
                 if [ "$(PLATFORM)" != "Cygwin" ]; then \
                         case "$(CFLAGS)" in \
                         *DSO_BEOS*) sfx=".so";; \
-                        *DSO_DLFCN*) sfx=".so";; \
+                        *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
                         *DSO_DL*) sfx=".sl";; \
                         *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
                         *) sfx=".bad";; \
diff --git a/src/lib/libssl/src/engines/ccgost/gost_ameth.c b/src/lib/libssl/src/engines/ccgost/gost_ameth.c
index f620a216c8..e6c2839e5f 100644
--- a/src/lib/libssl/src/engines/ccgost/gost_ameth.c
+++ b/src/lib/libssl/src/engines/ccgost/gost_ameth.c
@@ -39,7 +39,7 @@ static ASN1_STRING  *encode_gost_algor_params(const EVP_PKEY *key)
         ASN1_STRING *params = ASN1_STRING_new();
         GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new();
         int pkey_param_nid = NID_undef;
-        int cipher_param_nid = NID_undef;
+
         if (!params || !gkp) 
                 {
                 GOSTerr(GOST_F_ENCODE_GOST_ALGOR_PARAMS,
@@ -52,7 +52,6 @@ static ASN1_STRING  *encode_gost_algor_params(const EVP_PKEY *key)
                 {
                 case NID_id_GostR3410_2001:
                         pkey_param_nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(EVP_PKEY_get0((EVP_PKEY *)key)));
-                        cipher_param_nid = get_encryption_params(NULL)->nid;
                         break;
                 case NID_id_GostR3410_94:
                         pkey_param_nid = (int) gost94_nid_by_params(EVP_PKEY_get0((EVP_PKEY *)key));
@@ -64,7 +63,6 @@ static ASN1_STRING  *encode_gost_algor_params(const EVP_PKEY *key)
                                 params=NULL;
                                 goto err;
                                 }       
-                        cipher_param_nid = get_encryption_params(NULL)->nid;
                         break;
                 }       
         gkp->key_params = OBJ_nid2obj(pkey_param_nid);
diff --git a/src/lib/libssl/src/engines/ccgost/gost_crypt.c b/src/lib/libssl/src/engines/ccgost/gost_crypt.c
index 4977d1dcf5..cde58c0e9b 100644
--- a/src/lib/libssl/src/engines/ccgost/gost_crypt.c
+++ b/src/lib/libssl/src/engines/ccgost/gost_crypt.c
@@ -495,7 +495,8 @@ int  gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
 int gost_imit_init_cpa(EVP_MD_CTX *ctx)
         {
         struct ossl_gost_imit_ctx *c = ctx->md_data;
-        memset(c->buffer,0,16);
+        memset(c->buffer,0,sizeof(c->buffer));
+        memset(c->partial_block,0,sizeof(c->partial_block));
         c->count = 0;
         c->bytes_left=0;
         c->key_meshing=1;
diff --git a/src/lib/libssl/src/engines/e_aep.c b/src/lib/libssl/src/engines/e_aep.c
index 742b4f9b18..d7f89e5156 100644
--- a/src/lib/libssl/src/engines/e_aep.c
+++ b/src/lib/libssl/src/engines/e_aep.c
@@ -68,6 +68,8 @@ typedef int pid_t;
 #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
 #define getpid GetThreadID
 extern int GetThreadID(void);
+#elif defined(_WIN32) && !defined(__WATCOMC__)
+#define getpid _getpid
 #endif
 
 #include <openssl/crypto.h>
@@ -867,13 +869,7 @@ static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
 
         CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 
-#ifdef NETWARE_CLIB
-        curr_pid = GetThreadID();
-#elif defined(_WIN32)
-        curr_pid = _getpid();
-#else
         curr_pid = getpid();
-#endif
 
         /*Check if this is the first time this is being called from the current
           process*/
diff --git a/src/lib/libssl/src/engines/e_capi.c b/src/lib/libssl/src/engines/e_capi.c
index e2a7cb58b0..24b620fc07 100644
--- a/src/lib/libssl/src/engines/e_capi.c
+++ b/src/lib/libssl/src/engines/e_capi.c
@@ -76,10 +76,16 @@
  * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
  * one of possible values you can pass to function in question. By
  * checking if it's defined we can see if wincrypt.h and accompanying
- * crypt32.lib are in shape. Yes, it's rather "weak" test and if
- * compilation fails, then re-configure with -DOPENSSL_NO_CAPIENG.
+ * crypt32.lib are in shape. The native MingW32 headers up to and
+ * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
+ * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
+ * so we check for these too and avoid compiling.
+ * Yes, it's rather "weak" test and if compilation fails,
+ * then re-configure with -DOPENSSL_NO_CAPIENG.
  */
-#ifdef CERT_KEY_PROV_INFO_PROP_ID
+#if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+    defined(CERT_STORE_PROV_SYSTEM_A) && \
+    defined(CERT_STORE_READONLY_FLAG)
 # define __COMPILE_CAPIENG
 #endif /* CERT_KEY_PROV_INFO_PROP_ID */
 #endif /* OPENSSL_NO_CAPIENG */
@@ -1808,6 +1814,8 @@ static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
 #include <openssl/engine.h>
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 IMPLEMENT_DYNAMIC_CHECK_FN()
 #else
diff --git a/src/lib/libssl/src/engines/e_capi_err.h b/src/lib/libssl/src/engines/e_capi_err.h
index 4c749ec43d..efa7001038 100644
--- a/src/lib/libssl/src/engines/e_capi_err.h
+++ b/src/lib/libssl/src/engines/e_capi_err.h
@@ -55,6 +55,10 @@
 #ifndef HEADER_CAPI_ERR_H
 #define HEADER_CAPI_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libssl/src/engines/e_chil.c b/src/lib/libssl/src/engines/e_chil.c
index 9c2729c96d..fdc2100e3d 100644
--- a/src/lib/libssl/src/engines/e_chil.c
+++ b/src/lib/libssl/src/engines/e_chil.c
@@ -1077,11 +1077,11 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 static int hwcrhk_rsa_finish(RSA *rsa)
         {
         HWCryptoHook_RSAKeyHandle *hptr;
-        int ret;
+
         hptr = RSA_get_ex_data(rsa, hndidx_rsa);
         if (hptr)
                 {
-                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                p_hwcrhk_RSAUnloadKey(*hptr, NULL);
                 OPENSSL_free(hptr);
                 RSA_set_ex_data(rsa, hndidx_rsa, NULL);
                 }
diff --git a/src/lib/libssl/src/engines/e_cswift.c b/src/lib/libssl/src/engines/e_cswift.c
index bc65179846..2e64ff3277 100644
--- a/src/lib/libssl/src/engines/e_cswift.c
+++ b/src/lib/libssl/src/engines/e_cswift.c
@@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
         SW_PARAM sw_param;
         SW_STATUS sw_status;
         SW_LARGENUMBER arg, res;
-        unsigned char *ptr;
         BN_CTX *ctx;
         BIGNUM *dsa_p = NULL;
         BIGNUM *dsa_q = NULL;
@@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                 goto err;
                 }
         /* Convert the response */
-        ptr = (unsigned char *)result->d;
         if((to_return = DSA_SIG_new()) == NULL)
                 goto err;
         to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
diff --git a/src/lib/libssl/src/engines/e_gmp.c b/src/lib/libssl/src/engines/e_gmp.c
index c1f5601b62..a3d47151ea 100644
--- a/src/lib/libssl/src/engines/e_gmp.c
+++ b/src/lib/libssl/src/engines/e_gmp.c
@@ -471,6 +471,8 @@ static int bind_fn(ENGINE *e, const char *id)
 IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
 #else
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 #endif
 #endif /* !OPENSSL_NO_DYNAMIC_ENGINE */
diff --git a/src/lib/libssl/src/engines/e_padlock.c b/src/lib/libssl/src/engines/e_padlock.c
index 381a746058..7d09419804 100644
--- a/src/lib/libssl/src/engines/e_padlock.c
+++ b/src/lib/libssl/src/engines/e_padlock.c
@@ -108,6 +108,8 @@ static ENGINE *ENGINE_padlock (void);
 # endif
 #endif
 
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+
 void ENGINE_load_padlock (void)
 {
 /* On non-x86 CPUs it just returns. */
@@ -120,6 +122,8 @@ void ENGINE_load_padlock (void)
 #endif
 }
 
+#endif
+
 #ifdef COMPILE_HW_PADLOCK
 /* We do these includes here to avoid header problems on platforms that
    do not have the VIA padlock anyway... */
@@ -1218,6 +1222,8 @@ static RAND_METHOD padlock_rand = {
 #else  /* !COMPILE_HW_PADLOCK */
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 OPENSSL_EXPORT
+int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
 int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
 IMPLEMENT_DYNAMIC_CHECK_FN()
 #endif
diff --git a/src/lib/libssl/src/engines/e_ubsec.c b/src/lib/libssl/src/engines/e_ubsec.c
index 9b747b9aea..aa5709bd8c 100644
--- a/src/lib/libssl/src/engines/e_ubsec.c
+++ b/src/lib/libssl/src/engines/e_ubsec.c
@@ -630,10 +630,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                         const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
         {
         int     y_len,
-                m_len,
                 fd;
 
-        m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
         y_len = BN_num_bits(p) + BN_num_bits(q);
 
         /* Check if hardware can't handle this argument. */
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index 4ce4064cc9..2180c6d4da 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -153,7 +153,7 @@
 #endif
 
 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -464,20 +464,9 @@ again:
 
         memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-        s->d1->handshake_read_seq++;
-        /* we just read a handshake message from the other side:
-         * this means that we don't need to retransmit of the
-         * buffered messages.  
-         * XDTLS: may be able clear out this
-         * buffer a little sooner (i.e if an out-of-order
-         * handshake message/record is received at the record
-         * layer.  
-         * XDTLS: exception is that the server needs to
-         * know that change cipher spec and finished messages
-         * have been received by the client before clearing this
-         * buffer.  this can simply be done by waiting for the
-         * first data  segment, but is there a better way?  */
-        dtls1_clear_record_buffer(s);
+        /* Don't change sequence numbers while listening */
+        if (!s->d1->listen)
+                s->d1->handshake_read_seq++;
 
         s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
         return s->init_num;
@@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
         /* 
          * if this is a future (or stale) message it gets buffered
-         * (or dropped)--no further processing at this time 
+         * (or dropped)--no further processing at this time
+         * While listening, we accept seq 1 (ClientHello with cookie)
+         * although we're still expecting seq 0 (ClientHello)
          */
-        if ( msg_hdr.seq != s->d1->handshake_read_seq)
+        if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
                 return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
         len = msg_hdr.msg_len;
@@ -1322,7 +1313,8 @@ unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
                         unsigned long len, unsigned long frag_off, unsigned long frag_len)
         {
-        if ( frag_off == 0)
+        /* Don't change sequence numbers while listening */
+        if (frag_off == 0 && !s->d1->listen)
                 {
                 s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
                 s->d1->next_handshake_write_seq++;
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index 5bc9eb6603..089fa4c7f8 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -407,7 +407,8 @@ int dtls1_connect(SSL *s)
 
                 case SSL3_ST_CW_CHANGE_A:
                 case SSL3_ST_CW_CHANGE_B:
-                        dtls1_start_timer(s);
+                        if (!s->hit)
+                                dtls1_start_timer(s);
                         ret=dtls1_send_change_cipher_spec(s,
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
@@ -442,7 +443,8 @@ int dtls1_connect(SSL *s)
 
                 case SSL3_ST_CW_FINISHED_A:
                 case SSL3_ST_CW_FINISHED_B:
-                        dtls1_start_timer(s);
+                        if (!s->hit)
+                                dtls1_start_timer(s);
                         ret=dtls1_send_finished(s,
                                 SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
                                 s->method->ssl3_enc->client_finished_label,
diff --git a/src/lib/libssl/src/ssl/d1_enc.c b/src/lib/libssl/src/ssl/d1_enc.c
index 8fa57347a9..becbab91c2 100644
--- a/src/lib/libssl/src/ssl/d1_enc.c
+++ b/src/lib/libssl/src/ssl/d1_enc.c
@@ -231,11 +231,7 @@ int dtls1_enc(SSL *s, int send)
                 if (!send)
                         {
                         if (l == 0 || l%bs != 0)
-                                {
-                                SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-                                return 0;
-                                }
+                                return -1;
                         }
                 
                 EVP_Cipher(ds,rec->data,rec->input,l);
diff --git a/src/lib/libssl/src/ssl/d1_lib.c b/src/lib/libssl/src/ssl/d1_lib.c
index 96b220e87c..48e8b6ffbb 100644
--- a/src/lib/libssl/src/ssl/d1_lib.c
+++ b/src/lib/libssl/src/ssl/d1_lib.c
@@ -129,26 +129,33 @@ int dtls1_new(SSL *s)
         return(1);
         }
 
-void dtls1_free(SSL *s)
+static void dtls1_clear_queues(SSL *s)
         {
     pitem *item = NULL;
     hm_fragment *frag = NULL;
-
-        ssl3_free(s);
+        DTLS1_RECORD_DATA *rdata;
 
     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
         {
+                rdata = (DTLS1_RECORD_DATA *) item->data;
+                if (rdata->rbuf.buf)
+                        {
+                        OPENSSL_free(rdata->rbuf.buf);
+                        }
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->unprocessed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
         {
+                rdata = (DTLS1_RECORD_DATA *) item->data;
+                if (rdata->rbuf.buf)
+                        {
+                        OPENSSL_free(rdata->rbuf.buf);
+                        }
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->processed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
         {
@@ -157,7 +164,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-    pqueue_free(s->d1->buffered_messages);
 
     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
         {
@@ -166,7 +172,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-        pqueue_free(s->d1->sent_messages);
 
         while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
                 {
@@ -175,6 +180,18 @@ void dtls1_free(SSL *s)
                 OPENSSL_free(frag);
                 pitem_free(item);
                 }
+        }
+
+void dtls1_free(SSL *s)
+        {
+        ssl3_free(s);
+
+        dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->unprocessed_rcds.q);
+    pqueue_free(s->d1->processed_rcds.q);
+    pqueue_free(s->d1->buffered_messages);
+        pqueue_free(s->d1->sent_messages);
         pqueue_free(s->d1->buffered_app_data.q);
 
         OPENSSL_free(s->d1);
@@ -182,6 +199,36 @@ void dtls1_free(SSL *s)
 
 void dtls1_clear(SSL *s)
         {
+    pqueue unprocessed_rcds;
+    pqueue processed_rcds;
+    pqueue buffered_messages;
+        pqueue sent_messages;
+        pqueue buffered_app_data;
+        
+        if (s->d1)
+                {
+                unprocessed_rcds = s->d1->unprocessed_rcds.q;
+                processed_rcds = s->d1->processed_rcds.q;
+                buffered_messages = s->d1->buffered_messages;
+                sent_messages = s->d1->sent_messages;
+                buffered_app_data = s->d1->buffered_app_data.q;
+
+                dtls1_clear_queues(s);
+
+                memset(s->d1, 0, sizeof(*(s->d1)));
+
+                if (s->server)
+                        {
+                        s->d1->cookie_len = sizeof(s->d1->cookie);
+                        }
+
+                s->d1->unprocessed_rcds.q = unprocessed_rcds;
+                s->d1->processed_rcds.q = processed_rcds;
+                s->d1->buffered_messages = buffered_messages;
+                s->d1->sent_messages = sent_messages;
+                s->d1->buffered_app_data.q = buffered_app_data;
+                }
+
         ssl3_clear(s);
         if (s->options & SSL_OP_CISCO_ANYCONNECT)
                 s->version=DTLS1_BAD_VER;
@@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s)
         memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
         s->d1->timeout_duration = 1;
         BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+        /* Clear retransmission buffer */
+        dtls1_clear_record_buffer(s);
         }
 
 int dtls1_handle_timeout(SSL *s)
@@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s)
                 {
                 /* fail the connection, enough alerts have been sent */
                 SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
-                return 0;
+                return -1;
                 }
 
         state->timeout.read_timeouts++;
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index a5439d544f..39aac73e10 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -296,9 +296,6 @@ dtls1_process_buffered_records(SSL *s)
     item = pqueue_peek(s->d1->unprocessed_rcds.q);
     if (item)
         {
-        DTLS1_RECORD_DATA *rdata;
-        rdata = (DTLS1_RECORD_DATA *)item->data;
-        
         /* Check if epoch is current. */
         if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
             return(1);  /* Nothing to do. */
@@ -412,11 +409,12 @@ dtls1_process_record(SSL *s)
         enc_err = s->method->ssl3_enc->enc(s,0);
         if (enc_err <= 0)
                 {
-                if (enc_err == 0)
-                        /* SSLerr() and ssl3_send_alert() have been called */
-                        goto err;
-
-                /* otherwise enc_err == -1 */
+                /* decryption failed, silently discard message */
+                if (enc_err < 0)
+                        {
+                        rr->length = 0;
+                        s->packet_length = 0;
+                        }
                 goto err;
                 }
 
@@ -528,14 +526,12 @@ int dtls1_get_record(SSL *s)
         int ssl_major,ssl_minor;
         int i,n;
         SSL3_RECORD *rr;
-        SSL_SESSION *sess;
         unsigned char *p = NULL;
         unsigned short version;
         DTLS1_BITMAP *bitmap;
         unsigned int is_next_epoch;
 
         rr= &(s->s3->rrec);
-        sess=s->session;
 
         /* The epoch may have changed.  If so, process all the
          * pending records.  This is a non-blocking operation. */
@@ -662,10 +658,12 @@ again:
 
         /* If this record is from the next epoch (either HM or ALERT),
          * and a handshake is currently in progress, buffer it since it
-         * cannot be processed at this time. */
+         * cannot be processed at this time. However, do not buffer
+         * anything while listening.
+         */
         if (is_next_epoch)
                 {
-                if (SSL_in_init(s) || s->in_handshake)
+                if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
                         {
                         dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
                         }
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 301ceda7a5..a6a4c87ea6 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
         unsigned long alg_k;
         int ret= -1;
         int new_state,state,skip=0;
+        int listen;
 
         RAND_add(&Time,sizeof(Time),0);
         ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
                 cb=s->info_callback;
         else if (s->ctx->info_callback != NULL)
                 cb=s->ctx->info_callback;
+        
+        listen = s->d1->listen;
 
         /* init things to blank */
         s->in_handshake++;
         if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
+        s->d1->listen = listen;
+
         if (s->cert == NULL)
                 {
                 SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
 
                         s->init_num=0;
 
+                        /* Reflect ClientHello sequence to remain stateless while listening */
+                        if (listen)
+                                {
+                                memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+                                }
+
                         /* If we're just listening, stop here */
-                        if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+                        if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
                                 {
                                 ret = 2;
                                 s->d1->listen = 0;
+                                /* Set expected sequence numbers
+                                 * to continue the handshake.
+                                 */
+                                s->d1->handshake_read_seq = 2;
+                                s->d1->handshake_write_seq = 1;
+                                s->d1->next_handshake_write_seq = 1;
                                 goto end;
                                 }
                         
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
                 case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
 
-                        dtls1_start_timer(s);
                         ret = dtls1_send_hello_verify_request(s);
                         if ( ret <= 0) goto end;
                         s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
                 /* number of bytes to write */
                 s->init_num=p-buf;
                 s->init_off=0;
-
-                /* buffer the message to handle re-xmits */
-                dtls1_buffer_message(s, 0);
                 }
 
         /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
                                 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                 goto err;
                                 }
-                        if (!EC_KEY_up_ref(ecdhp))
+                        if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
                                 {
                                 SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
                                 goto err;
                                 }
-                        ecdh = ecdhp;
 
                         s->s3->tmp.ecdh=ecdh;
                         if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
diff --git a/src/lib/libssl/src/test/cms-test.pl b/src/lib/libssl/src/test/cms-test.pl
index 9c50dff3e9..c938bcf00d 100644
--- a/src/lib/libssl/src/test/cms-test.pl
+++ b/src/lib/libssl/src/test/cms-test.pl
@@ -54,9 +54,13 @@
 # OpenSSL PKCS#7 and CMS implementations.
 
 my $ossl_path;
-my $redir = " 2>cms.err 1>cms.out";
+my $redir = " 2> cms.err > cms.out";
+# Make VMS work
+if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
+    $ossl_path = "pipe mcr OSSLX:openssl";
+}
 # Make MSYS work
-if ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
+elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
     $ossl_path = "cmd /c ..\\apps\\openssl";
 }
 elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
@@ -84,79 +88,79 @@ my @smime_pkcs7_tests = (
 
     [
         "signed content DER format, RSA key",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -certfile $smdir/smroot.pem"
           . " -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed detached content DER format, RSA key",
-        "-sign -in smcont.txt -outform DER"
+        "-sign -in smcont.txt -outform \"DER\""
           . " -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
     ],
 
     [
         "signed content test streaming BER format, RSA",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -stream -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed content DER format, DSA key",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed detached content DER format, DSA key",
-        "-sign -in smcont.txt -outform DER"
+        "-sign -in smcont.txt -outform \"DER\""
           . " -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
     ],
 
     [
         "signed detached content DER format, add RSA signer",
-        "-resign -inform DER -in test.cms -outform DER"
+        "-resign -inform \"DER\" -in test.cms -outform \"DER\""
           . " -signer $smdir/smrsa1.pem -out test2.cms",
-        "-verify -in test2.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt -content smcont.txt"
+        "-verify -in test2.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
     ],
 
     [
         "signed content test streaming BER format, DSA key",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -stream -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
         "signed content test streaming BER format, 2 DSA and 2 RSA keys",
-        "-sign -in smcont.txt -outform DER -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach"
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
 "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
-        "-sign -in smcont.txt -outform DER -noattr -nodetach"
+        "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -165,7 +169,7 @@ my @smime_pkcs7_tests = (
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -174,7 +178,7 @@ my @smime_pkcs7_tests = (
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms " . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -215,12 +219,12 @@ my @smime_cms_tests = (
 
     [
         "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
-        "-sign -in smcont.txt -outform DER -nodetach -keyid"
+        "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
           . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
-        "-verify -in test.cms -inform DER "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+        "-verify -in test.cms -inform \"DER\" "
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -230,7 +234,7 @@ my @smime_cms_tests = (
           . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
           . " -stream -out test.cms",
         "-verify -in test.cms -inform PEM "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -239,7 +243,7 @@ my @smime_cms_tests = (
           . " -receipt_request_to test\@openssl.org -receipt_request_all"
           . " -out test.cms",
         "-verify -in test.cms "
-          . " -CAfile $smdir/smroot.pem -out smtst.txt"
+          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
     ],
 
     [
@@ -248,7 +252,7 @@ my @smime_cms_tests = (
           . " -signer $smdir/smrsa2.pem"
           . " -out test2.cms",
         "-verify_receipt test2.cms -in test.cms"
-          . " -CAfile $smdir/smroot.pem"
+          . " \"-CAfile\" $smdir/smroot.pem"
     ],
 
     [
@@ -289,38 +293,38 @@ my @smime_cms_tests = (
 
     [
         "encrypted content test streaming PEM format, 128 bit RC2 key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
     ],
 
     [
         "encrypted content test streaming PEM format, 40 bit RC2 key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -rc2 -secretkey 0001020304"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 0001020304 -out smtst.txt"
     ],
 
     [
         "encrypted content test streaming PEM format, triple DES key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
           . " -out smtst.txt"
     ],
 
     [
         "encrypted content test streaming PEM format, 128 bit AES key",
-        "-EncryptedData_encrypt -in smcont.txt -outform PEM"
+        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
           . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
           . " -stream -out test.cms",
-        "-EncryptedData_decrypt -in test.cms -inform PEM "
+        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
           . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
     ],