105 files changed, 788 insertions, 3260 deletions

diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index 48fa857d5b..34cbb5d844 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -36,7 +36,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $verticalspin=1;        # unlike 32-bit version $verticalspin performs
                         # ~15% better on both AMD and Intel cores
diff --git a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
index 499f3b3f42..0dbb194b8d 100644
--- a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
@@ -172,7 +172,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $movkey = $PREFIX eq "aesni" ? "movups" : "movups";
 @_4args=$win64? ("%rcx","%rdx","%r8", "%r9") :  # Win64 order
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index ad0d2506f6..297c45a9ff 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
         int pad=0,ret,i,neg;
         unsigned char *p,*n,pb=0;
 
-        if ((a == NULL) || (a->data == NULL)) return(0);
+        if (a == NULL) return(0);
         neg=a->type & V_ASN1_NEG;
         if (a->length == 0)
                 ret=1;
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 264ebf2393..ead37ac325 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
         if(mbflag == -1) return -1;
         mbflag |= MBSTRING_FLAG;
         stmp.data = NULL;
+        stmp.length = 0;
         ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
         if(ret < 0) return ret;
         *out = stmp.data;
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 1a30bf119b..aa60203ba8 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
 {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unknown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 627ec87f9f..b649e1fcf9 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -175,12 +175,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
         if (key->pkey)
                 {
+                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
                 EVP_PKEY_free(ret);
                 ret = key->pkey;
                 }
         else
+                {
                 key->pkey = ret;
-        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                }
         CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
         return ret;
diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c
index 1b1e4bec81..54c012c47d 100644
--- a/src/lib/libcrypto/bio/bss_dgram.c
+++ b/src/lib/libcrypto/bio/bss_dgram.c
@@ -77,10 +77,20 @@
 #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
 #endif
 
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
 #define IP_MTU      14 /* linux is lame */
 #endif
 
+#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead
@@ -255,7 +265,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
         {
 #if defined(SO_RCVTIMEO)
         bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-        int sz = sizeof(int);
+        union { size_t s; int i; } sz = {0};
 
         /* Is a timer active? */
         if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
@@ -265,8 +275,10 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                 /* Read current socket timeout */
 #ifdef OPENSSL_SYS_WINDOWS
                 int timeout;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                                           (void*)&timeout, &sz) < 0)
+                                           (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); }
                 else
                         {
@@ -274,9 +286,12 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                         data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
                         }
 #else
+                sz.i = sizeof(data->socket_timeout);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
                                                 &(data->socket_timeout), (void *)&sz) < 0)
                         { perror("getsockopt"); }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        OPENSSL_assert(sz.s<=sizeof(data->socket_timeout));
 #endif
 
                 /* Get current time */
@@ -445,11 +460,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         int *ip;
         struct sockaddr *to = NULL;
         bio_dgram_data *data = NULL;
-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
-        long sockopt_val = 0;
-        unsigned int sockopt_len = 0;
-#endif
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+        int sockopt_val = 0;
+        socklen_t sockopt_len;  /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
         socklen_t addr_len;
         union   {
                 struct sockaddr sa;
@@ -531,7 +545,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
                 /* (Linux)kernel sets DF bit on outgoing IP packets */
         case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -539,7 +553,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         ret = 0;
                         break;
                         }
-                sockopt_len = sizeof(sockopt_val);
                 switch (addr.sa.sa_family)
                         {
                 case AF_INET:
@@ -548,7 +561,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                 &sockopt_val, sizeof(sockopt_val))) < 0)
                                 perror("setsockopt");
                         break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
                 case AF_INET6:
                         sockopt_val = IPV6_PMTUDISC_DO;
                         if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
@@ -565,7 +578,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
 #endif
         case BIO_CTRL_DGRAM_QUERY_MTU:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -727,12 +740,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -740,12 +756,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
 #if defined(SO_SNDTIMEO)
@@ -765,12 +789,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -778,12 +805,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
         case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
@@ -871,8 +906,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
         memset(authchunks, 0, sizeof(sockopt_len));
         ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
         OPENSSL_assert(ret >= 0);
-        
-        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+
+        for (p = (unsigned char*) authchunks->gauth_chunks;
              p < (unsigned char*) authchunks + sockopt_len;
              p += sizeof(uint8_t))
                 {
@@ -955,7 +990,6 @@ static int dgram_sctp_free(BIO *a)
 #ifdef SCTP_AUTHENTICATION_EVENT
 void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
         {
-        unsigned int sockopt_len = 0;
         int ret;
         struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event;
 
@@ -965,9 +999,8 @@ void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
 
                 /* delete key */
                 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
-                sockopt_len = sizeof(struct sctp_authkeyid);
                 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-                      &authkeyid, sockopt_len);
+                      &authkeyid, sizeof(struct sctp_authkeyid));
                 }
         }
 #endif
@@ -1164,7 +1197,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                         ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
                         OPENSSL_assert(ii >= 0);
 
-                        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+                        for (p = (unsigned char*) authchunks->gauth_chunks;
                                  p < (unsigned char*) authchunks + optlen;
                                  p += sizeof(uint8_t))
                                 {
@@ -1298,7 +1331,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
         bio_dgram_sctp_data *data = NULL;
-        unsigned int sockopt_len = 0;
+        socklen_t sockopt_len = 0;
         struct sctp_authkeyid authkeyid;
         struct sctp_authkey *authkey;
 
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
index b7dce5c1a2..2227b2b52d 100644
--- a/src/lib/libcrypto/bio/bss_log.c
+++ b/src/lib/libcrypto/bio/bss_log.c
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
-        if (GetVersion() < 0x80000000)
+        if (check_winnt())
                 bp->ptr = RegisterEventSourceA(NULL,name);
         else
                 bp->ptr = NULL;
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index f34248ec4f..21a1a3fe35 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
         const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
+void    BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 
 #define bn_fix_top(a)           bn_check_top(a)
 
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+        } while(0)
+
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)           bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 
 #endif
 
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 52b3304293..7b2403185e 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -141,6 +141,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *
     *                                   <appro@fy.chalmers.se>
     */
+#undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divl   %4"                     \
@@ -155,6 +156,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     * Same story here, but it's 128-bit by 64-bit division. Wow!
     *                                   <appro@fy.chalmers.se>
     */
+#  undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divq   %4"                     \
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index 4a352119ba..a808f53178 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -205,6 +205,7 @@ err:
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
 BIGNUM *BN_mod_inverse(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
         {
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index eecfd8cc99..817c773b65 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -282,16 +282,23 @@ extern "C" {
 #  endif
 # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)   ({      \
+#   if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
+#     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#     define BN_UMULT_LOHI(low,high,a,b) ({     \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;       })
+#   else
+#     define BN_UMULT_HIGH(a,b) ({      \
         register BN_ULONG ret;          \
         asm ("dmultu    %1,%2"          \
              : "=h"(ret)                \
              : "r"(a), "r"(b) : "l");   \
         ret;                    })
-#   define BN_UMULT_LOHI(low,high,a,b)  \
+#     define BN_UMULT_LOHI(low,high,a,b)\
         asm ("dmultu    %2,%3"          \
              : "=l"(low),"=h"(high)     \
              : "r"(a), "r"(b));
+#    endif
 #  endif
 # endif         /* cpu */
 #endif          /* OPENSSL_NO_ASM */
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 7a5676de69..5461e6ee7d 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
                 }
         return bn_cmp_words(a,b,cl);
         }
+
+/* 
+ * Constant-time conditional swap of a and b.  
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+        {
+        BN_ULONG t;
+        int i;
+
+        bn_wcheck_size(a, nwords);
+        bn_wcheck_size(b, nwords);
+
+        assert(a != b);
+        assert((condition & (condition - 1)) == 0);
+        assert(sizeof(BN_ULONG) >= sizeof(int));
+
+        condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+        t = (a->top^b->top) & condition;
+        a->top ^= t;
+        b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+        do { \
+                t = (a->d[ind] ^ b->d[ind]) & condition; \
+                a->d[ind] ^= t; \
+                b->d[ind] ^= t; \
+        } while (0)
+
+
+        switch (nwords) {
+        default:
+                for (i = 10; i < nwords; i++) 
+                        BN_CONSTTIME_SWAP(i);
+                /* Fallthrough */
+        case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+        case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+        case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+        case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+        case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+        case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+        case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+        case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+        case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+        case 1: BN_CONSTTIME_SWAP(0);
+        }
+#undef BN_CONSTTIME_SWAP
+}
diff --git a/src/lib/libcrypto/bn/bn_nist.c b/src/lib/libcrypto/bn/bn_nist.c
index 43caee4770..e22968d4a3 100644
--- a/src/lib/libcrypto/bn/bn_nist.c
+++ b/src/lib/libcrypto/bn/bn_nist.c
@@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void)
         }
 
 
-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
+static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
         {
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
 
 #ifdef BN_DEBUG
         OPENSSL_assert(top <= max);
 #endif
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
-        for (i = (max) - (top); i != 0; i--)
-                *_tmp1++ = (BN_ULONG) 0;
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
+        for (; i < max; i++)
+                dst[i] = 0;
         }
 
-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
         { 
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
+
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
         }
 
 #if BN_BITS2 == 64
@@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
          */
         mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
+        res   = c_d;
         res   = (BN_ULONG *)
-         (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
+         (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_192_TOP);
         r->top = BN_NIST_192_TOP;
         bn_correct_top(r);
@@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         int     top = a->top, i;
         int     carry;
         BN_ULONG *r_d, *a_d = a->d;
-        BN_ULONG buf[BN_NIST_224_TOP],
-                 c_d[BN_NIST_224_TOP],
+        union   {
+                BN_ULONG        bn[BN_NIST_224_TOP];
+                unsigned int    ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+                } buf;
+        BN_ULONG c_d[BN_NIST_224_TOP],
                 *res;
         PTR_SIZE_INT mask;
         union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* copy upper 256 bits of 448 bit number ... */
         nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
         /* ... and right shift by 32 to obtain upper 224 bits */
-        nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
+        nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
         /* truncate lower part to 224 bits too */
         r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
-        nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+        nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
 
 #if defined(NIST_INT64) && BN_BITS2!=64
         {
         NIST_INT64              acc;    /* accumulator */
         unsigned int            *rp=(unsigned int *)r_d;
-        const unsigned int      *bp=(const unsigned int *)buf;
+        const unsigned int      *bp=(const unsigned int *)buf.ui;
 
         acc  = rp[0];   acc -= bp[7-7];
                         acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
@@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         {
         BN_ULONG t_d[BN_NIST_224_TOP];
 
-        nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
         carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
         carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
 #if BN_BITS2==64
@@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* otherwise it's effectively same as in BN_nist_mod_192... */
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_224_TOP);
         r->top = BN_NIST_224_TOP;
@@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_256_TOP);
         r->top = BN_NIST_256_TOP;
@@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_384_TOP);
         r->top = BN_NIST_384_TOP;
@@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
         mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-        res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+        res  = t_d;
+        res  = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d,res,BN_NIST_521_TOP);
         r->top = BN_NIST_521_TOP;
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
index d7aa79ad7f..d4a4ce43b3 100644
--- a/src/lib/libcrypto/buffer/buffer.c
+++ b/src/lib/libcrypto/buffer/buffer.c
@@ -179,14 +179,14 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         return(len);
         }
 
-void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
         {
         size_t i;
         if (in)
                 {
                 out += size - 1;
                 for (i = 0; i < size; i++)
-                        *in++ = *out--;
+                        *out-- = *in++;
                 }
         else
                 {
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h
index 178e418282..f8da32b485 100644
--- a/src/lib/libcrypto/buffer/buffer.h
+++ b/src/lib/libcrypto/buffer/buffer.h
@@ -88,7 +88,7 @@ int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *  BUF_strdup(const char *str);
 char *  BUF_strndup(const char *str, size_t siz);
 void *  BUF_memdup(const void *data, size_t siz);
-void    BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
+void    BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index 766ea8cac7..0b77d8b7d0 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -504,7 +504,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
         CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
 #else
         /* For everything else, default to using the address of 'errno' */
-        CRYPTO_THREADID_set_pointer(id, &errno);
+        CRYPTO_THREADID_set_pointer(id, (void*)&errno);
 #endif
         }
 
@@ -704,6 +704,7 @@ void OPENSSL_cpuid_setup(void)
     }
     else
         vec = OPENSSL_ia32_cpuid();
+
     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference
@@ -888,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+    if (check_winnt() && OPENSSL_isservice() > 0)
     {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
         const TCHAR *pmsg=buf;
         ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -924,3 +925,16 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
         }
 
 void *OPENSSL_stderr(void)      { return stderr; }
+
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+        {
+        size_t i;
+        const unsigned char *a = in_a;
+        const unsigned char *b = in_b;
+        unsigned char x = 0;
+
+        for (i = 0; i < len; i++)
+                x |= a[i] ^ b[i];
+
+        return x;
+        }
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
index 1761f6b668..d26f9630ea 100644
--- a/src/lib/libcrypto/cryptlib.h
+++ b/src/lib/libcrypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *,...);
+void OPENSSL_showfatal(const char *fmta,...);
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
deleted file mode 100644
index c280aa03a8..0000000000
--- a/src/lib/libcrypto/crypto-lib.com
+++ /dev/null
@@ -1,1516 +0,0 @@
-$!
-$!  CRYPTO-LIB.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!             Zoltan Arpadffy <arpadffy@polarhome.com>
-$!
-$!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
-$!  library for OpenSSL.  The "xxx" denotes the machine architecture, ALPHA,
-$!  IA64 or VAX.
-$!
-$!  It was re-written so it would try to determine what "C" compiler to use 
-$!  or you can specify which "C" compiler to use.
-$!
-$!  Specify the following as P1 to build just that part or ALL to just
-$!  build everything.
-$!
-$!      LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!      APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
-$!      ALL        To do both LIBRARY and APPS
-$!
-$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
-$!  information.
-$!
-$!  Specify which compiler at P3 to try to compile under.
-$!
-$!      VAXC       For VAX C.
-$!      DECC       For DEC C.
-$!      GNUC       For GNU C.
-$!
-$!  If you don't specify a compiler, it will try to determine which
-$!  "C" compiler to use.
-$!
-$!  P4, if defined, sets a TCP/IP library to use, through one of the following
-$!  keywords:
-$!
-$!      UCX        For UCX
-$!      TCPIP      For TCPIP (post UCX)
-$!      SOCKETSHR  For SOCKETSHR+NETLIB
-$!
-$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!  P6, if defined, sets a choice of crypto methods to compile.
-$!  WARNING: this should only be done to recompile some part of an already
-$!  fully compiled library.
-$!
-$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE)
-$!      32       Compile with /POINTER_SIZE=32 (SHORT)
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That Is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX
-$!
-$   ARCH = "VAX"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Define The Different Encryption Types.
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$!
-$ ET_WHIRLPOOL = "WHRLPOOL"
-$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
-$ ENCRYPT_TYPES = "Basic,"+ -
-                  "OBJECTS,"+ -
-                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
-                  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
-                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
-                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
-                  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
-                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
-                  "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Define The OBJ and EXE Directories.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
-$!
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Define The CRYPTO-LIB We Are To Use.
-$!
-$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
-$!
-$! End The Library Check.
-$!
-$ ENDIF
-$!
-$! Build our options file for the application
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Define The Different Encryption "library" Strings.
-$!
-$ APPS_DES = "DES/DES,CBC3_ENC"
-$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
-$
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
-        "ebcdic,uid,o_time,o_str,o_dir,o_fips.c,o_init,fips_ers"
-$ LIB_MD2 = "md2_dgst,md2_one"
-$ LIB_MD4 = "md4_dgst,md4_one"
-$ LIB_MD5 = "md5_dgst,md5_one"
-$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
-$ LIB_MDC2 = "mdc2dgst,mdc2_one"
-$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
-$ LIB_RIPEMD = "rmd_dgst,rmd_one"
-$ LIB_WHRLPOOL = "wp_dgst,wp_block"
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
-        "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
-        "enc_read,enc_writ,ofb64enc,"+ -
-        "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
-        "des_enc,fcrypt_b,"+ -
-        "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
-        "ede_cbcm_enc,des_old,des_old2,read2pwd"
-$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
-$ LIB_RC4 = "rc4_skey,rc4_enc,rc4_utl"
-$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
-$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
-$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
-$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
-$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
-        "cmll_cfb,cmll_ctr,cmll_utl"
-$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -
-        "ccm128,xts128"
-$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
-$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
-     LIB_BN_ASM = "bn_asm"
-$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
-        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
-        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
-        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
-        "bn_depr,bn_const,bn_x931p"
-$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
-        "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
-        "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ -
-        "ecp_nistp224,ecp_nistp256,ecp_nistp521,ecp_nistputil,"+ -
-        "ecp_oct,ec2_oct,ec_oct"
-$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
-        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-        "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ -
-        "rsa_pmeth,rsa_crpt"
-$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
-        "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
-$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
-$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
-        "dh_ameth,dh_pmeth,dh_prn"
-$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
-$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
-        "dso_openssl,dso_win32,dso_vms,dso_beos"
-$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
-        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
-        "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
-        "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
-        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ -
-        "eng_rsax,eng_rdrand"
-$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ -
-        "aes_ige,aes_wrap"
-$ LIB_BUFFER = "buffer,buf_str,buf_err"
-$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
-        "bss_mem,bss_null,bss_fd,"+ -
-        "bss_file,bss_sock,bss_conn,"+ -
-        "bf_null,bf_buff,b_print,b_dump,"+ -
-        "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
-        "bss_dgram,"+ -
-        "bf_lbuf"
-$ LIB_STACK = "stack"
-$ LIB_LHASH = "lhash,lh_stats"
-$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
-        "rand_vms"
-$ LIB_ERR = "err,err_all,err_prn"
-$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
-        "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
-        "e_rc4,e_aes,names,e_seed,"+ -
-        "e_xcbc_d,e_rc2,e_cast,e_rc5"
-$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
-        "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
-        "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
-        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
-        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
-        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
-$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,evp_fips,"+ -
-        "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5"
-$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
-        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
-        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
-        "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
-        "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
-        "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
-$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
-        "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
-        "tasn_prn,ameth_lib,"+ -
-        "f_int,f_string,n_pkey,"+ -
-        "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
-        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
-        "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
-$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
-        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
-$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
-        "x509_obj,x509_req,x509spki,x509_vfy,"+ -
-        "x509_set,x509cset,x509rset,x509_err,"+ -
-        "x509name,x509_v3,x509_ext,x509_att,"+ -
-        "x509type,x509_lu,x_all,x509_txt,"+ -
-        "x509_trs,by_file,by_dir,x509_vpm"
-$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
-        "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
-        "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
-        "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ -
-        "pcy_cache,pcy_node,pcy_data,pcy_map,pcy_tree,pcy_lib,"+ -
-        "v3_asid,v3_addr"
-$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
-$ LIB_TXT_DB = "txt_db"
-$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
-        "pk7_mime,bio_pk7"
-$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
-        "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
-        "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
-$ LIB_COMP = "comp_lib,comp_err,"+ -
-        "c_rle,c_zlib"
-$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
-        "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
-$ LIB_UI_COMPAT = ",ui_compat"
-$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
-$ LIB_KRB5 = "krb5_asn"
-$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
-        "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -
-        "cms_pwri"
-$ LIB_PQUEUE = "pqueue"
-$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
-        "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
-        "ts_asn1"
-$ LIB_JPAKE = "jpake,jpake_err"
-$ LIB_SRP = "srp_lib,srp_vfy"
-$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
-$ LIB_CMAC = "cmac,cm_ameth.c,cm_pmeth"
-$!
-$! Setup exceptional compilations
-$!
-$ CC3_SHOWN = 0
-$ CC4_SHOWN = 0
-$ CC5_SHOWN = 0
-$ CC6_SHOWN = 0
-$!
-$! The following lists must have leading and trailing commas, and no
-$! embedded spaces.  (They are scanned for ",name,".)
-$!
-$ ! Add definitions for no threads on OpenVMS 7.1 and higher.
-$ COMPILEWITH_CC3 = ",bss_rtcp,"
-$ ! Disable the DOLLARID warning.  Not needed with /STANDARD=RELAXED.
-$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir,"
-$ ! Disable disjoint optimization on VAX with DECC.
-$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
-                    "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
-$ ! Disable the MIXLINKAGE warning.
-$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key,"
-$!
-$! Figure Out What Other Modules We Are To Build.
-$!
-$ BUILD_SET:
-$!
-$! Define A Module Counter.
-$!
-$ MODULE_COUNTER = 0
-$!
-$! Top Of The Loop.
-$!
-$ MODULE_NEXT:
-$!
-$! Extract The Module Name From The Encryption List.
-$!
-$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
-$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
-$ MODULE_NAME1 = MODULE_NAME
-$!
-$! Check To See If We Are At The End Of The Module List.
-$!
-$ IF (MODULE_NAME.EQS.",") 
-$ THEN 
-$!
-$!  We Are At The End Of The Module List, Go To MODULE_DONE.
-$!
-$   GOTO MODULE_DONE
-$!
-$! End The Module List Check.
-$!
-$ ENDIF
-$!
-$! Increment The Moudle Counter.
-$!
-$ MODULE_COUNTER = MODULE_COUNTER + 1
-$!
-$! Create The Library and Apps Module Names.
-$!
-$ LIB_MODULE = "LIB_" + MODULE_NAME
-$ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
-$ THEN
-$   MODULE_NAME = "ASN1"
-$ ENDIF
-$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
-$ THEN
-$   MODULE_NAME = "EVP"
-$ ENDIF
-$!
-$! Set state (can be LIB and APPS)
-$!
-$ STATE = "LIB"
-$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
-$!
-$! Check if the library module name actually is defined
-$!
-$ IF F$TYPE('LIB_MODULE') .EQS. ""
-$ THEN
-$   WRITE SYS$ERROR ""
-$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
-$   WRITE SYS$ERROR ""
-$   GOTO MODULE_NEXT
-$ ENDIF
-$!
-$! Top Of The Module Loop.
-$!
-$ MODULE_AGAIN:
-$!
-$! Tell The User What Module We Are Building.
-$!
-$ IF (MODULE_NAME1.NES."") 
-$ THEN
-$   IF STATE .EQS. "LIB"
-$   THEN
-$     WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
-$   ELSE IF F$TYPE('APPS_MODULE') .NES. ""
-$     THEN
-$       WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$!  Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$ APPLICATION = ""
-$ APPLICATION_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! Look in the LIB_MODULE is we're in state LIB
-$!
-$ IF STATE .EQS. "LIB"
-$ THEN
-$!
-$!   O.K, Extract The File Name From The File List.
-$!
-$   FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
-$!
-$!   else
-$!
-$ ELSE
-$   FILE_NAME = ","
-$!
-$   IF F$TYPE('APPS_MODULE') .NES. ""
-$   THEN
-$!
-$!     Extract The File Name From The File List.
-$!     This part is a bit more complicated.
-$!
-$     IF APPLICATION .EQS. ""
-$     THEN
-$       APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$       APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$       APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$       APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$       FILE_COUNTER = 0
-$     ENDIF
-$
-$!     WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!     SHOW SYMBOL APPLICATION*
-$!
-$     IF APPLICATION .NES. ";"
-$     THEN
-$       FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
-$       IF FILE_NAME .EQS. ","
-$       THEN
-$         APPLICATION = ""
-$         GOTO NEXT_FILE
-$       ENDIF
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") 
-$ THEN 
-$!
-$!  We Are At The End Of The File List, Change State Or Goto FILE_DONE.
-$!
-$   IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
-$   THEN
-$     STATE = "APPS"
-$     GOTO MODULE_AGAIN
-$   ELSE
-$     GOTO FILE_DONE
-$   ENDIF
-$!
-$! End The File List Check.
-$!
-$ ENDIF
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
-$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
-$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
-        FILE_NAME = FILE_NAME + ".c"
-$ IF (MODULE_NAME.NES."")
-$ THEN
-$   SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
-$ ELSE
-$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
-$ ENDIF
-$ SOURCE_FILE = SOURCE_FILE - "]["
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Is Actually There.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Doesn't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   GOTO EXIT
-$!
-$! End The File Exist Check.
-$!
-$ ENDIF
-$!
-$! Tell The User We Are Compiling The File.
-$!
-$ IF (MODULE_NAME.EQS."")
-$ THEN
-$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,")"
-$ ENDIF
-$ IF (MODULE_NAME.NES."")
-$ THEN 
-$   WRITE SYS$OUTPUT "        ",FILE_NAME,""
-$ ENDIF
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
-$ IF FILE_NAME - ".mar" .NES. FILE_NAME
-$ THEN
-$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ELSE
-$   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
-$   THEN
-$     write sys$output "        \Using special rule (3)"
-$     if (.not. CC3_SHOWN)
-$     then
-$       CC3_SHOWN = 1
-$       x = "    "+ CC3
-$       write /symbol sys$output x
-$     endif
-$     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$   ELSE
-$     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
-$     THEN
-$       write /symbol sys$output "        \Using special rule (4)"
-$       if (.not. CC4_SHOWN)
-$       then
-$         CC4_SHOWN = 1
-$         x = "    "+ CC4
-$         write /symbol sys$output x
-$       endif
-$       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$     ELSE
-$       IF CC5_DIFFERENT .AND. -
-         (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5)
-$       THEN
-$         write sys$output "        \Using special rule (5)"
-$         if (.not. CC5_SHOWN)
-$         then
-$           CC5_SHOWN = 1
-$           x = "    "+ CC5
-$           write /symbol sys$output x
-$         endif
-$         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$       ELSE
-$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
-$         THEN
-$           write sys$output "        \Using special rule (6)"
-$           if (.not. CC6_SHOWN)
-$           then
-$             CC6_SHOWN = 1
-$             x = "    "+ CC6
-$             write /symbol sys$output x
-$           endif
-$           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ELSE
-$           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ENDIF
-$       ENDIF
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$ IF STATE .EQS. "LIB"
-$ THEN 
-$!
-$!   Add It To The Library.
-$!
-$   LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
-$!
-$!   Time To Clean Up The Object File.
-$!
-$   DELETE 'OBJECT_FILE';*
-$ ENDIF
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! Time To Build Some Applications
-$!
-$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
-$ THEN
-$   APPLICATION_COUNTER = 0
-$ NEXT_APPLICATION:
-$   APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$   IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
-$
-$   APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$   APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$   APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$
-$!   WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!   SHOW SYMBOL APPLICATION*
-$!
-$! Tell the user what happens
-$!
-$   WRITE SYS$OUTPUT "        ",APPLICATION,".exe"
-$!
-$! Link The Program.
-$!
-$   ON ERROR THEN GOTO NEXT_APPLICATION
-$!
-$!  Link With A TCP/IP Library.
-$!
-$   LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
-     /EXE='EXE_DIR''APPLICATION'.EXE -
-     'OBJ_DIR''APPLICATION_OBJECTS', -
-     'CRYPTO_LIB'/LIBRARY -
-     'TCPIP_LIB' -
-     'ZLIB_LIB' -
-     ,'OPT_FILE' /OPTIONS
-$!
-$   GOTO NEXT_APPLICATION
-$  APPLICATION_DONE:
-$ ENDIF
-$!
-$! Go Back And Get The Next Module.
-$!
-$ GOTO MODULE_NEXT
-$!
-$! All Done With This Module.
-$!
-$ MODULE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "All Done..."
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is Blank, So Build Everything.
-$!
-$    BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$!  P2 Is NODEBUG, So Compile Without The Debugger Information.
-$!
-$   DEBUGGER = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   MACRO_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P2.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     MACRO_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$   ELSE 
-$!
-$!    They Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P5.
-$!
-$ IF (P5.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P5 Check.
-$!
-$ ENDIF
-$!
-$! Check P7 (POINTER_SIZE).
-$!
-$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P7 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       POINTER_SIZE = " /POINTER_SIZE=64"
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P7, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"       :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32       :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P7 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ -
-   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.MODES],SYS$DISK:[.ASN1],SYS$DISK:[.EVP]"
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P3 = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P3 = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P3 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     P4 = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       P4 = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P8
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The ZLIB Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$   IF (P3.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES')"+ -
-       CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P3.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-       "/INCLUDE=(''CC_INCLUDES')"+ -
-           CCEXTRAFLAGS
-$     CCDEFS = """VAXC""," + CCDEFS
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P3.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-       "/INCLUDE=(''CC_INCLUDES')"+ -
-           CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$       CC6DISABLEWARNINGS = "MIXLINKAGE"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
-$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$     CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$     CC6DISABLEWARNINGS = ""
-$   ENDIF
-$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
-$   THEN
-$     CC5 = CC + " /OPTIMIZE=NODISJOINT"
-$     CC5_DIFFERENT = 1
-$   ELSE
-$     CC5 = CC
-$     CC5_DIFFERENT = 0
-$   ENDIF
-$   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$! End The Valid Argument Check.
-$!
-$ ENDIF
-$!
-$! Build a MACRO command for the architecture at hand
-$!
-$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
-     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P4.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P4.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P4 = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P4.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P4.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P4.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Check if the user wanted to compile just a subset of all the encryption
-$! methods.
-$!
-$ IF P6 .NES. ""
-$ THEN
-$   ENCRYPT_TYPES = P6
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "CRYPTO]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the logical name OPENSSL if it had a value
-$!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
-$!
-$! Done
-$!
-$ RETURN
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index 6aeda0a9ac..f92fc5182d 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
                                     long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                            int line);
@@ -574,6 +574,13 @@ void OPENSSL_init(void);
 #define fips_cipher_abort(alg) while(0)
 #endif
 
+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
+ * takes an amount of time dependent on |len|, but independent of the contents
+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
+ * defined order as the return value when a != b is undefined, other than to be
+ * non-zero. */
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libcrypto/des/des-lib.com b/src/lib/libcrypto/des/des-lib.com
deleted file mode 100644
index 348f1c0470..0000000000
--- a/src/lib/libcrypto/des/des-lib.com
+++ /dev/null
@@ -1,1005 +0,0 @@
-$!
-$!  DES-LIB.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!
-$!  This command files compiles and creates the 
-$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
-$!  architecture of ALPHA, IA64 or VAX.
-$!
-$!  It was re-written to try to determine which "C" compiler to try to use
-$!  or the user can specify a compiler in P3.
-$!
-$!  Specify one of the following to build just that part, specify "ALL" to
-$!  just build everything.
-$!
-$!         ALL       To Just Build "Everything".
-$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
-$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
-$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
-$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
-$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
-$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
-$!
-$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
-$!  debugging information.
-$!
-$!  Specify which compiler at P3 to try to compile under.
-$!
-$!         VAXC  For VAX C.
-$!         DECC  For DEC C.
-$!         GNUC  For GNU C.
-$!
-$!  If you don't speficy a compiler, it will try to determine which
-$!  "C" compiler to try to use.
-$!
-$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!
-$! Make sure we know what architecture we run on.
-$!
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX
-$!
-$   ARCH := VAX
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$! Define The OBJ Directory Name.
-$!
-$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
-$!
-$! Define The EXE Directory Name.
-$!
-$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
-$!
-$! Check To See What We Are To Do.
-$!
-$ IF (BUILDALL.EQS."TRUE")
-$ THEN
-$!
-$!  Since Nothing Special Was Specified, Do Everything.
-$!
-$   GOSUB LIBRARY
-$   GOSUB DESTEST
-$   GOSUB SPEED
-$   GOSUB RPW
-$   GOSUB DES
-$   GOSUB DES_OPTS
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!    Build Just What The User Wants Us To Build.
-$!
-$     GOSUB 'BUILDALL'
-$!
-$! End The BUILDALL Check.
-$!
-$ ENDIF
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$ LIBRARY:
-$!
-$! Tell The User That We Are Compiling.
-$!
-$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
-$!
-$! End The Library Exist Check.
-$!
-$ ENDIF
-$!
-$! Define The DES Library Files.
-$!
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
-                "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
-                "enc_read,enc_writ,ofb64enc,"+ -
-                "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
-                "des_enc,fcrypt_b,read2pwd,"+ -
-                "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
-$!
-$!  Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
-$!
-$!  Tell The User We Are Compiling The Source File.
-$!
-$ WRITE SYS$OUTPUT "    ",FILE_NAME,".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The File Exists Check.
-$!
-$ ENDIF
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$!
-$! Add It To The Library.
-$!
-$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
-$!
-$! Time To Clean Up The Object File.
-$!
-$ DELETE 'OBJECT_FILE';*
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DESTEST Program.
-$!
-$ DESTEST:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DESTEST.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
-$!
-$! Compile The DESTEST Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
-$!
-$! Link The DESTEST Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
-      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The SPEED Program.
-$!
-$ SPEED:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The SPEED.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
-$!
-$! Compile The SPEED Program.
-$!
-$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
-$!
-$! Link The SPEED Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
-      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The RPW Program.
-$!
-$ RPW:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The RPW.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
-$!
-$! Compile The RPW Program.
-$!
-$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
-$!
-$! Link The RPW Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
-      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DES Program.
-$!
-$ DES:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DES.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
-$!
-$! Compile The DES Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
-$!
-$! Link The DES Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
-      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
-      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DES_OPTS Program.
-$!
-$ DES_OPTS:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DES_OPTS.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
-$!
-$! Compile The DES_OPTS Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
-$!
-$! Link The DES_OPTS Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
-      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need An non-VAX Or A VAX Linker Option File.
-$!
-$     IF (F$GETSYI("CPU").LT.128)
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Agianst 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Library Check.
-$!
-$ LIB_CHECK:
-$!
-$!  Look For The Library LIBDES.OLB.
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!    Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If We Are To "Just Build Everything".
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is "ALL", So Build Everything.
-$!
-$    BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
-       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
-$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
-$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
-$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
-$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
-$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Compile Without Debugger Information.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$!   P2 Is Blank, So Compile Without Debugger Information.
-$!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P2.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER  = "DEBUG"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option..
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later.
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN := ""
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P3 = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P3 = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P3 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = ""
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = ""
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
-$!
-$!  Check To See If The User Entered A Valid Paramter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$   IF (P3.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P3.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$     CCDEFS = """VAXC""," + CCDEFS
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P3.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$   ENDIF
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$! End The P3 Check.
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
index 23c8cfc901..1eaedcbd24 100644
--- a/src/lib/libcrypto/des/des.h
+++ b/src/lib/libcrypto/des/des.h
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
+#define HEADER_NEW_DES_H
 
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES,
                                    DES_LONG (via openssl/opensslconf.h */
@@ -71,8 +71,6 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-#define des_SPtrans DES_SPtrans
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h
index 8665ba4e7e..2b2c372354 100644
--- a/src/lib/libcrypto/des/des_old.h
+++ b/src/lib/libcrypto/des/des_old.h
@@ -88,8 +88,8 @@
  *
  */
 
-#ifndef HEADER_DES_OLD_H
-#define HEADER_DES_OLD_H
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
 
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
 
@@ -97,7 +97,7 @@
 #error DES is disabled.
 #endif
 
-#ifndef HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
 #error You must include des.h, not des_old.h directly.
 #endif
 
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
index d3e69ca8b5..da4d62e112 100644
--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -63,9 +63,8 @@
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
-#include "des_locl.h"
-
 #include <openssl/crypto.h>
+#include "des_locl.h"
 
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)   /* defaults to false */
 
diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c
index 9c2054bda6..1077f99d1b 100644
--- a/src/lib/libcrypto/des/str2key.c
+++ b/src/lib/libcrypto/des/str2key.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
 #include <openssl/crypto.h>
+#include "des_locl.h"
 
 void DES_string_to_key(const char *str, DES_cblock *key)
         {
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
index 34443045fc..828ecf529b 100644
--- a/src/lib/libcrypto/doc/ERR_get_error.pod
+++ b/src/lib/libcrypto/doc/ERR_get_error.pod
@@ -52,8 +52,11 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and
 ERR_get_last_error_line_data() store additional data and flags
 associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true. 
+
+An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+returned by these functions) with OPENSSL_free() as freeing is handled
+automatically by the error library.
 
 =head1 RETURN VALUES
 
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
index d375c46e03..0ea7d55c0f 100644
--- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -17,7 +17,7 @@ EVP_BytesToKey - password based encryption routine
 
 EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
 the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> paramter is used as a salt in the derivation: it should point to
+The B<salt> parameter is used as a salt in the derivation: it should point to
 an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
 B<datal> bytes which is used to derive the keying data. B<count> is the
 iteration count to use. The derived key and IV will be written to B<key>
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 1aa15acb61..367691cc7a 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -252,9 +252,9 @@ digest name passed on the command line.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
-L<SHA1(3)|SHA1(3)>
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
index 8271d3dfc4..1c4bf184a1 100644
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -152,7 +152,7 @@ does not remain in memory.
 
 EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
 similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
 initialized and they always use the default cipher implementation.
 
 EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 781d43e401..620a623ab6 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -89,10 +89,10 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 =head1 SEE ALSO
 
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
index ae2e5d81f9..da07d2b930 100644
--- a/src/lib/libcrypto/doc/dsa.pod
+++ b/src/lib/libcrypto/doc/dsa.pod
@@ -101,7 +101,8 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
+L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index e21b9f6dbc..5f351b318d 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -86,7 +86,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
      (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
         defined(__ANDROID__)
 #  undef HAVE_DLINFO
 # endif
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 9d01325af3..dfe8710d33 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
@@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
@@ -800,16 +800,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
 /* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *, 
+void *EC_KEY_get_key_method_data(EC_KEY *key, 
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+/** Sets the key method data of an EC_KEY object, if none has yet been set.
+ *  \param  key              EC_KEY object
+ *  \param  data             opaque data to install.
+ *  \param  dup_func         a function that duplicates |data|.
+ *  \param  free_func        a function that frees |data|.
+ *  \param  clear_free_func  a function that wipes and frees |data|.
+ *  \return the previously set data pointer, or NULL if |data| was inserted.
+ */
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 25247b5803..de9a0cc2b3 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
         if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
             EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
                 return 1;
-        /* compare the curve name (if present) */
+        /* compare the curve name (if present in both) */
         if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-            EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
-                return 0;
+            EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+                return 1;
 
         if (!ctx)
                 ctx_new = ctx = BN_CTX_new();
@@ -993,12 +993,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
         if (group->meth->point_cmp == 0)
                 {
                 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
+                return -1;
                 }
         if ((group->meth != a->meth) || (a->meth != b->meth))
                 {
                 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
+                return -1;
                 }
         return group->meth->point_cmp(group, a, b, ctx);
         }
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index 079e47431b..f04f132c7a 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -114,7 +114,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                 ec_GFp_mont_field_decode,
                 ec_GFp_mont_field_set_to_one };
 
-
         return &ret;
 #endif
         }
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
index f107782de0..102eaa9b23 100644
--- a/src/lib/libcrypto/ec/ectest.c
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -236,7 +236,7 @@ static void group_order_tests(EC_GROUP *group)
         }
 
 static void prime_field_tests(void)
-        {       
+        {
         BN_CTX *ctx = NULL;
         BIGNUM *p, *a, *b;
         EC_GROUP *group;
diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
index 65d8904ee8..ba05fea05c 100644
--- a/src/lib/libcrypto/ecdh/Makefile
+++ b/src/lib/libcrypto/ecdh/Makefile
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 0ae5d672b1..6093376df4 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -73,7 +73,6 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
         ENGINE_load_cryptodev();
 #endif
-
 #ifndef OPENSSL_NO_RSAX
         ENGINE_load_rsax();
 #endif
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index 27846edb1e..95c858960b 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
                                         load_dir, 0) ||
+                                !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
                                 goto notfound;
                 return iterator;
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index bd8946d8ba..8eb547d98d 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -64,7 +64,9 @@
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -95,6 +97,9 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -102,11 +107,6 @@
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
-#include <openssl/comp.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 void ERR_load_crypto_strings(void)
         {
@@ -130,7 +130,9 @@ void ERR_load_crypto_strings(void)
         ERR_load_ASN1_strings();
         ERR_load_CONF_strings();
         ERR_load_CRYPTO_strings();
+#ifndef OPENSSL_NO_COMP
         ERR_load_COMP_strings();
+#endif
 #ifndef OPENSSL_NO_EC
         ERR_load_EC_strings();
 #endif
@@ -153,15 +155,14 @@ void ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
+#ifdef OPENSSL_FIPS
+        ERR_load_FIPS_strings();
+#endif
 #ifndef OPENSSL_NO_CMS
         ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_JPAKE
         ERR_load_JPAKE_strings();
 #endif
-        ERR_load_COMP_strings();
-#endif
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
 #endif
         }
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 0fe1b96bff..0447b442bc 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -67,7 +67,7 @@ files:
 links:
         @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
         @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        cp $(TESTDATA) ../../test
+        @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
         @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
@@ -356,6 +356,20 @@ evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -437,28 +451,22 @@ evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
 m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss.o: ../cryptlib.h m_dss.c
 m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss1.o: ../cryptlib.h m_dss1.c
 m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -563,16 +571,13 @@ m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
 m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha1.o: ../cryptlib.h m_sha1.c
 m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
 m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index 72a2a67277..ac6d441aad 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
                                 }
 
                         /* we fell off the end without starting */
-                        if (j == i)
+                        if ((j == i) && (num == 0))
                                 {
                                 /* Is this is one long chunk?, if so, keep on
                                  * reading until a new line. */
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 467e6b5ae9..d14e8e48d5 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -267,6 +267,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         return FIPS_digestfinal(ctx, md, size);
 #else
         int ret;
+
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
         ret=ctx->digest->final(ctx,md);
         if (size != NULL)
@@ -365,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
         {
-        EVP_MD_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
+        if (ctx)
+                {
+                EVP_MD_CTX_cleanup(ctx);
+                OPENSSL_free(ctx);
+                }
         }
 
 /* This call frees resources associated with the context */
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 1e4af0cb75..c7869b69ef 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         gctx->ctr = NULL;
                         break;
                         }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -969,8 +972,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
         if (!gctx->iv_set)
                 return -1;
-        if (!ctx->encrypt && gctx->taglen < 0)
-                return -1;
         if (in)
                 {
                 if (out == NULL)
@@ -1012,6 +1013,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 {
                 if (!ctx->encrypt)
                         {
+                        if (gctx->taglen < 0)
+                                return -1;
                         if (CRYPTO_gcm128_finish(&gctx->gcm,
                                         ctx->buf, gctx->taglen) != 0)
                                 return -1;
@@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         xctx->xts.block1 = (block128_f)vpaes_decrypt;
                         }
 
-                vpaes_set_encrypt_key(key + ctx->key_len/2,
+                    vpaes_set_encrypt_key(key + ctx->key_len/2,
                                                 ctx->key_len * 4, &xctx->ks2);
-                xctx->xts.block2 = (block128_f)vpaes_encrypt;
+                    xctx->xts.block2 = (block128_f)vpaes_encrypt;
 
-                xctx->xts.key1 = &xctx->ks1;
-                break;
-                }
+                    xctx->xts.key1 = &xctx->ks1;
+                    break;
+                    }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 if (enc)
                         {
                         AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
@@ -1217,6 +1223,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
                         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                         &cctx->ks, (block128_f)vpaes_encrypt);
+                        cctx->str = NULL;
                         cctx->key_set = 1;
                         break;
                         }
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 483e04b605..fb2c884a78 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
                                 if (res!=SHA_CBLOCK) continue;
 
-                                mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+                                /* j is not incremented yet */
+                                mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
                                 data->u[SHA_LBLOCK-1] |= bitlen&mask;
                                 sha1_block_data_order(&key->md,data,1);
-                                mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+                                mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
                                 pmac->u[0] |= key->md.h0 & mask;
                                 pmac->u[1] |= key->md.h1 & mask;
                                 pmac->u[2] |= key->md.h2 & mask;
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 1e69972662..8d7b7de292 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         printf("\n");
         }
 #endif    /* KSSL_DEBUG */
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 3b1fa87576..faeb3c24e6 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -788,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
@@ -799,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -809,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_xts(void);
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
@@ -1242,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
         int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                         const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1256,6 +1258,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_AES_INIT_KEY                               133
 #define EVP_F_AES_XTS                                    172
 #define EVP_F_AES_XTS_CIPHER                             175
+#define EVP_F_ALG_MODULE_INIT                            177
 #define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_CMAC_INIT                                  173
 #define EVP_F_D2I_PKEY                                   100
@@ -1349,15 +1352,19 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_PARAMETERS                       153
 #define EVP_R_DISABLED_FOR_FIPS                          163
 #define EVP_R_ENCODE_ERROR                               115
+#define EVP_R_ERROR_LOADING_SECTION                      165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                    166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
 #define EVP_R_INVALID_DIGEST                             152
+#define EVP_R_INVALID_FIPS_MODE                          168
 #define EVP_R_INVALID_KEY_LENGTH                         130
 #define EVP_R_INVALID_OPERATION                          148
 #define EVP_R_IV_TOO_LARGE                               102
@@ -1382,6 +1389,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_TOO_LARGE                                  164
 #define EVP_R_UNKNOWN_CIPHER                             160
 #define EVP_R_UNKNOWN_DIGEST                             161
+#define EVP_R_UNKNOWN_OPTION                             169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
 #define EVP_R_UNSUPPORTED_ALGORITHM                      156
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index db0f76d59b..08eab9882f 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -75,6 +75,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_XTS),       "AES_XTS"},
 {ERR_FUNC(EVP_F_AES_XTS_CIPHER),        "AES_XTS_CIPHER"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT),       "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_CMAC_INIT),     "CMAC_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
@@ -171,15 +172,19 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
@@ -204,6 +209,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 4ad63ada6f..6fb7e9a861 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index f80170efeb..2df362a670 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -63,7 +63,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 3cb11f1ebb..bd0c01ad3c 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -65,7 +65,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 975d004df4..fe3c6c8813 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
         int cplen, j, k, tkeylen, mdlen;
         unsigned long i = 1;
-        HMAC_CTX hctx;
+        HMAC_CTX hctx_tpl, hctx;
 
         mdlen = EVP_MD_size(digest);
         if (mdlen < 0)
                 return 0;
 
-        HMAC_CTX_init(&hctx);
+        HMAC_CTX_init(&hctx_tpl);
         p = out;
         tkeylen = keylen;
         if(!pass)
                 passlen = 0;
         else if(passlen == -1)
                 passlen = strlen(pass);
+        if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
+                {
+                HMAC_CTX_cleanup(&hctx_tpl);
+                return 0;
+                }
         while(tkeylen)
                 {
                 if(tkeylen > mdlen)
@@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 itmp[1] = (unsigned char)((i >> 16) & 0xff);
                 itmp[2] = (unsigned char)((i >> 8) & 0xff);
                 itmp[3] = (unsigned char)(i & 0xff);
-                if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
-                        || !HMAC_Update(&hctx, salt, saltlen)
-                        || !HMAC_Update(&hctx, itmp, 4)
-                        || !HMAC_Final(&hctx, digtmp, NULL))
+                if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
                         {
+                        HMAC_CTX_cleanup(&hctx_tpl);
+                        return 0;
+                        }
+                if (!HMAC_Update(&hctx, salt, saltlen)
+                    || !HMAC_Update(&hctx, itmp, 4)
+                    || !HMAC_Final(&hctx, digtmp, NULL))
+                        {
+                        HMAC_CTX_cleanup(&hctx_tpl);
                         HMAC_CTX_cleanup(&hctx);
                         return 0;
                         }
+                HMAC_CTX_cleanup(&hctx);
                 memcpy(p, digtmp, cplen);
                 for(j = 1; j < iter; j++)
                         {
-                        HMAC(digest, pass, passlen,
-                                 digtmp, mdlen, digtmp, NULL);
+                        if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                return 0;
+                                }
+                        if (!HMAC_Update(&hctx, digtmp, mdlen)
+                            || !HMAC_Final(&hctx, digtmp, NULL))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                HMAC_CTX_cleanup(&hctx);
+                                return 0;
+                                }
+                        HMAC_CTX_cleanup(&hctx);
                         for(k = 0; k < cplen; k++)
                                 p[k] ^= digtmp[k];
                         }
@@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 i++;
                 p+= cplen;
                 }
-        HMAC_CTX_cleanup(&hctx);
+        HMAC_CTX_cleanup(&hctx_tpl);
 #ifdef DEBUG_PKCS5V2
         fprintf(stderr, "Password:\n");
         h__dump (pass, passlen);
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index dfa48c157c..8afb664306 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=0,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 5f5c409f45..c66d63ccf8 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=-1,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libcrypto/install-crypto.com b/src/lib/libcrypto/install-crypto.com
deleted file mode 100755
index 85b3d583cf..0000000000
--- a/src/lib/libcrypto/install-crypto.com
+++ /dev/null
@@ -1,196 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1  root of the directory tree
-$! P2  "64" for 64-bit pointers.
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if (p1 .eqs. "")
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "It should be the directory where you want things installed."
-$     exit
-$ endif
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$ lib32 = "32"
-$ shr = "_SHR32"
-$!
-$ if (p2 .nes. "")
-$ then
-$   if (p2 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$     lib32 = ""
-$     shr = "_SHR"
-$   else
-$     if (p2 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
-$ root_dev = f$parse( root, , , "device", "syntax_only")
-$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$!
-$ define /nolog wrk_sslroot 'root'.] /trans=conc
-$ define /nolog wrk_sslinclude wrk_sslroot:[include]
-$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
-$!
-$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse("wrk_sslinclude:") .eqs. "" then -
-   create /directory /log wrk_sslinclude:
-$ if f$parse("wrk_sslxlib:") .eqs. "" then -
-   create /directory /log wrk_sslxlib:
-$!
-$ sdirs := , -
-   'archd', -
-   objects, -
-   md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
-   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
-   bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
-   buffer, bio, stack, lhash, rand, err, -
-   evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
-   ui, krb5, -
-   store, cms, pqueue, ts, jpake
-$!
-$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
-$ exheader_'archd' := opensslconf.h
-$ exheader_objects := objects.h, obj_mac.h
-$ exheader_md2 := md2.h
-$ exheader_md4 := md4.h
-$ exheader_md5 := md5.h
-$ exheader_sha := sha.h
-$ exheader_mdc2 := mdc2.h
-$ exheader_hmac := hmac.h
-$ exheader_ripemd := ripemd.h
-$ exheader_whrlpool := whrlpool.h
-$ exheader_des := des.h, des_old.h
-$ exheader_aes := aes.h
-$ exheader_rc2 := rc2.h
-$ exheader_rc4 := rc4.h
-$ exheader_rc5 := rc5.h
-$ exheader_idea := idea.h
-$ exheader_bf := blowfish.h
-$ exheader_cast := cast.h
-$ exheader_camellia := camellia.h
-$ exheader_seed := seed.h
-$ exheader_modes := modes.h
-$ exheader_bn := bn.h
-$ exheader_ec := ec.h
-$ exheader_rsa := rsa.h
-$ exheader_dsa := dsa.h
-$ exheader_ecdsa := ecdsa.h
-$ exheader_dh := dh.h
-$ exheader_ecdh := ecdh.h
-$ exheader_dso := dso.h
-$ exheader_engine := engine.h
-$ exheader_buffer := buffer.h
-$ exheader_bio := bio.h
-$ exheader_stack := stack.h, safestack.h
-$ exheader_lhash := lhash.h
-$ exheader_rand := rand.h
-$ exheader_err := err.h
-$ exheader_evp := evp.h
-$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h
-$ exheader_pem := pem.h, pem2.h
-$ exheader_x509 := x509.h, x509_vfy.h
-$ exheader_x509v3 := x509v3.h
-$ exheader_conf := conf.h, conf_api.h
-$ exheader_txt_db := txt_db.h
-$ exheader_pkcs7 := pkcs7.h
-$ exheader_pkcs12 := pkcs12.h
-$ exheader_comp := comp.h
-$ exheader_ocsp := ocsp.h
-$ exheader_ui := ui.h, ui_compat.h
-$ exheader_krb5 := krb5_asn.h
-$! exheader_store := store.h, str_compat.h
-$ exheader_store := store.h
-$ exheader_cms := cms.h
-$ exheader_pqueue := pqueue.h
-$ exheader_ts := ts.h
-$ exheader_jpake := jpake.h
-$ libs := ssl_libcrypto
-$!
-$ exe_dir := [-.'archd'.exe.crypto]
-$!
-$! Header files.
-$!
-$ i = 0
-$ loop_sdirs: 
-$   d = f$edit( f$element( i, ",", sdirs), "trim")
-$   i = i + 1
-$   if d .eqs. "," then goto loop_sdirs_end
-$   tmp = exheader_'d'
-$   if (d .nes. "") then d = "."+ d
-$   copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log
-$ goto loop_sdirs
-$ loop_sdirs_end:
-$!
-$! Object libraries, shareable images.
-$!
-$ i = 0
-$ loop_lib: 
-$   e = f$edit( f$element( i, ",", libs), "trim")
-$   i = i + 1
-$   if e .eqs. "," then goto loop_lib_end
-$   set noon
-$   file = exe_dir+ e+ lib32+ ".olb"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$!
-$   file = exe_dir+ e+ shr+ ".exe"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$   set on
-$ goto loop_lib
-$ loop_lib_end:
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslinclude
-$ call deass wrk_sslxlib
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libcrypto/install.com b/src/lib/libcrypto/install.com
deleted file mode 100644
index ad3e4d48c7..0000000000
--- a/src/lib/libcrypto/install.com
+++ /dev/null
@@ -1,155 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1   root of the directory tree
-$!
-$       IF P1 .EQS. ""
-$       THEN
-$           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT -
-                  "It should be the directory where you want things installed."
-$           EXIT
-$       ENDIF
-$
-$       IF (F$GETSYI("CPU").LT.128)
-$       THEN
-$           ARCH := VAX
-$       ELSE
-$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$       ENDIF
-$
-$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLLIB:
-$       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLINCLUDE:
-$
-$       SDIRS := ,-
-                 _'ARCH',-
-                 OBJECTS,-
-                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-                 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
-                 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
-                 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
-                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
-                 UI,KRB5,-
-                 STORE,CMS,PQUEUE,TS,JPAKE
-$       EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-$       EXHEADER__'ARCH' := opensslconf.h
-$       EXHEADER_OBJECTS := objects.h,obj_mac.h
-$       EXHEADER_MD2 := md2.h
-$       EXHEADER_MD4 := md4.h
-$       EXHEADER_MD5 := md5.h
-$       EXHEADER_SHA := sha.h
-$       EXHEADER_MDC2 := mdc2.h
-$       EXHEADER_HMAC := hmac.h
-$       EXHEADER_RIPEMD := ripemd.h
-$       EXHEADER_WHRLPOOL := whrlpool.h
-$       EXHEADER_DES := des.h,des_old.h
-$       EXHEADER_AES := aes.h
-$       EXHEADER_RC2 := rc2.h
-$       EXHEADER_RC4 := rc4.h
-$       EXHEADER_RC5 := rc5.h
-$       EXHEADER_IDEA := idea.h
-$       EXHEADER_BF := blowfish.h
-$       EXHEADER_CAST := cast.h
-$       EXHEADER_CAMELLIA := camellia.h
-$       EXHEADER_SEED := seed.h
-$       EXHEADER_MODES := modes.h
-$       EXHEADER_BN := bn.h
-$       EXHEADER_EC := ec.h
-$       EXHEADER_RSA := rsa.h
-$       EXHEADER_DSA := dsa.h
-$       EXHEADER_ECDSA := ecdsa.h
-$       EXHEADER_DH := dh.h
-$       EXHEADER_ECDH := ecdh.h
-$       EXHEADER_DSO := dso.h
-$       EXHEADER_ENGINE := engine.h
-$       EXHEADER_BUFFER := buffer.h
-$       EXHEADER_BIO := bio.h
-$       EXHEADER_STACK := stack.h,safestack.h
-$       EXHEADER_LHASH := lhash.h
-$       EXHEADER_RAND := rand.h
-$       EXHEADER_ERR := err.h
-$       EXHEADER_EVP := evp.h
-$       EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
-$       EXHEADER_PEM := pem.h,pem2.h
-$       EXHEADER_X509 := x509.h,x509_vfy.h
-$       EXHEADER_X509V3 := x509v3.h
-$       EXHEADER_CONF := conf.h,conf_api.h
-$       EXHEADER_TXT_DB := txt_db.h
-$       EXHEADER_PKCS7 := pkcs7.h
-$       EXHEADER_PKCS12 := pkcs12.h
-$       EXHEADER_COMP := comp.h
-$       EXHEADER_OCSP := ocsp.h
-$       EXHEADER_UI := ui.h,ui_compat.h
-$       EXHEADER_KRB5 := krb5_asn.h
-$!      EXHEADER_STORE := store.h,str_compat.h
-$       EXHEADER_STORE := store.h
-$       EXHEADER_CMS := cms.h
-$       EXHEADER_PQUEUE := pqueue.h
-$       EXHEADER_TS := ts.h
-$       EXHEADER_JPAKE := jpake.h
-$       LIBS := LIBCRYPTO
-$
-$       EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
-$
-$       I = 0
-$ LOOP_SDIRS: 
-$       D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
-$       I = I + 1
-$       IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$       tmp = EXHEADER_'D'
-$       IF D .EQS. ""
-$       THEN
-$         COPY 'tmp' WRK_SSLINCLUDE: /LOG
-$       ELSE
-$         IF D .EQS. "_''ARCH'"
-$         THEN
-$           COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
-$         ELSE
-$           COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$         ENDIF
-$       ENDIF
-$       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
-$       GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
-$
-$       I = 0
-$ LOOP_LIB: 
-$       E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$       I = I + 1
-$       IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$       SET NOON
-$       IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
-$       THEN
-$         COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
-$       ENDIF
-$       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
-$       ENDIF
-$       SET ON
-$       GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$       EXIT
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c
index 82c2cb2d98..b5b165b052 100644
--- a/src/lib/libcrypto/md4/md4_dgst.c
+++ b/src/lib/libcrypto/md4/md4_dgst.c
@@ -106,22 +106,23 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
 
         for (;num--;)
                 {
-        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        (void)HOST_c2l(data,l); X( 0)=l;
+        (void)HOST_c2l(data,l); X( 1)=l;
         /* Round 0 */
-        R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
-        R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
-        R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
-        R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
-        R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
-        R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
-        R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
-        R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
-        R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
-        R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
-        R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
-        R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
-        R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
-        R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
+        R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l;
+        R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l;
+        R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l;
+        R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l;
+        R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l;
+        R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l;
+        R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l;
+        R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l;
+        R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l;
+        R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l;
+        R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l;
+        R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l;
+        R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l;
+        R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l;
         R0(C,D,A,B,X(14),11,0);
         R0(B,C,D,A,X(15),19,0);
         /* Round 1 */
diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h
index c8085b0ead..99c3e5004c 100644
--- a/src/lib/libcrypto/md4/md4_locl.h
+++ b/src/lib/libcrypto/md4/md4_locl.h
@@ -77,10 +77,10 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD4_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md4_block_data_order
 
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h
index 968d577995..74d63d1f9c 100644
--- a/src/lib/libcrypto/md5/md5_locl.h
+++ b/src/lib/libcrypto/md5/md5_locl.h
@@ -86,10 +86,10 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD5_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 
diff --git a/src/lib/libcrypto/mdc2/mdc2dgst.c b/src/lib/libcrypto/mdc2/mdc2dgst.c
index b74bb1a759..d66ed6a1c6 100644
--- a/src/lib/libcrypto/mdc2/mdc2dgst.c
+++ b/src/lib/libcrypto/mdc2/mdc2dgst.c
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/des.h>
 #include <openssl/mdc2.h>
-#include <openssl/crypto.h>
 
 #undef c2l
 #define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
index 24ccf729ca..55e829dc92 100644
--- a/src/lib/libcrypto/mem.c
+++ b/src/lib/libcrypto/mem.c
@@ -121,10 +121,10 @@ static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
 #endif
 
-
 int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
         void (*f)(void *))
         {
+        /* Dummy call just to ensure OPENSSL_init() gets linked in */
         OPENSSL_init();
         if (!allow_customize)
                 return 0;
diff --git a/src/lib/libcrypto/modes/Makefile b/src/lib/libcrypto/modes/Makefile
index 3d8bafd571..c825b12f25 100644
--- a/src/lib/libcrypto/modes/Makefile
+++ b/src/lib/libcrypto/modes/Makefile
@@ -53,10 +53,7 @@ ghash-x86_64.s:	asm/ghash-x86_64.pl
 ghash-sparcv9.s:        asm/ghash-sparcv9.pl
         $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
 ghash-alpha.s:  asm/ghash-alpha.pl
-        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
-        $(PERL) asm/ghash-alpha.pl > $$preproc && \
-        $(CC) -E $$preproc > $@ && rm $$preproc)
-
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 ghash-parisc.s: asm/ghash-parisc.pl
         $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
 
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index 84380a96a9..4a548c2ed4 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -73,7 +73,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                 name_funcs_stack=sk_NAME_FUNCS_new_null();
                 MemCheck_on();
                 }
-        if ((name_funcs_stack == NULL))
+        if (name_funcs_stack == NULL)
                 {
                 /* ERROR */
                 return(0);
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 91a45c9133..276718304d 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -111,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                         init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
                 if(!init_res)
                         {
+                        ret = -1;
                         OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
                         goto end;
                         }
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index 71be3590af..ebe7180723 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER  0x1000103fL
+#define OPENSSL_VERSION_NUMBER  0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c-fips 10 May 2012"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c 10 May 2012"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 3e7a6093ad..eac0460e3e 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -193,7 +193,61 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_RSA(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+
+                EVP_PKEY_set1_RSA(k, x);
+
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -223,7 +277,59 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
         return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -269,8 +375,63 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
 
+
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
+#endif
+
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 1b2be527ed..cc7f24a9c1 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -167,6 +167,7 @@ start:
 #ifndef OPENSSL_NO_RSA
                         if (strcmp(name,PEM_STRING_RSA) == 0)
                         {
+                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
                                 if (!sk_X509_INFO_push(ret,xi)) goto err;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index cfc89a9921..5a421fc4b6 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                         goto err;
                 /* The 'iv' is used as the iv and as a salt.  It is
                  * NOT taken from the BytesToKey function */
-                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+                if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+                        goto err;
 
                 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
@@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                 /* k=strlen(buf); */
 
                 EVP_CIPHER_CTX_init(&ctx);
-                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
-                EVP_EncryptUpdate(&ctx,data,&j,data,i);
-                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+                ret = 1;
+                if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
+                        || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+                        || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+                        ret = 0;
                 EVP_CIPHER_CTX_cleanup(&ctx);
+                if (ret == 0)
+                        goto err;
                 i+=j;
-                ret=1;
                 }
         else
                 {
@@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         ebcdic2ascii(buf, buf, klen);
 #endif
 
-        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-                (unsigned char *)buf,klen,1,key,NULL);
+        if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+                (unsigned char *)buf,klen,1,key,NULL))
+                return 0;
 
         j=(int)len;
         EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-        EVP_DecryptUpdate(&ctx,data,&i,data,j);
-        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+        o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+        if (o)
+                o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        if (o)
+                o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
         OPENSSL_cleanse((char *)buf,sizeof(buf));
         OPENSSL_cleanse((char *)key,sizeof(key));
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 59690b56ae..b6b4e13498 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
         EVP_EncodeInit(&ctx->encode);
 
         EVP_MD_CTX_init(&ctx->md);
-        EVP_SignInit(&ctx->md,md_type);
+        if (!EVP_SignInit(&ctx->md,md_type))
+                goto err;
 
         EVP_CIPHER_CTX_init(&ctx->cipher);
         ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
@@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                 goto err;
                 }
 
-        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+        if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
+                goto err;
         EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
         *outl=j;
         out+=j;
diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl
index 6fc2510905..24561e759a 100644
--- a/src/lib/libcrypto/perlasm/cbc.pl
+++ b/src/lib/libcrypto/perlasm/cbc.pl
@@ -150,7 +150,7 @@ sub cbc
 &set_label("PIC_point");
         &blindpop("edx");
         &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
-        &mov($count,&DWP(0,"ecx",$count,4))
+        &mov($count,&DWP(0,"ecx",$count,4));
         &add($count,"edx");
         &xor("ecx","ecx");
         &xor("edx","edx");
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 96b131defa..a34915d02d 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -90,7 +90,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         /* Set defaults */
         if (!nid_cert)
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+                else
+#endif
                 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+                }
         if (!nid_key)
                 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
         if (!iter)
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index c55c7b60b3..61d58502fd 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -176,24 +176,32 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                 out += u;
                 for (j = 0; j < v; j++) B[j] = Ai[j % u];
                 /* Work out B + 1 first then can use B as tmp space */
-                if (!BN_bin2bn (B, v, Bpl1)) goto err;
-                if (!BN_add_word (Bpl1, 1)) goto err;
+                if (!BN_bin2bn (B, v, Bpl1))
+                        goto err;
+                if (!BN_add_word (Bpl1, 1))
+                        goto err;
                 for (j = 0; j < Ilen ; j+=v) {
-                        if (!BN_bin2bn (I + j, v, Ij)) goto err;
-                        if (!BN_add (Ij, Ij, Bpl1)) goto err;
-                        BN_bn2bin (Ij, B);
+                        if (!BN_bin2bn(I + j, v, Ij))
+                                goto err;
+                        if (!BN_add(Ij, Ij, Bpl1))
+                                goto err;
+                        if (!BN_bn2bin(Ij, B))
+                                goto err;
                         Ijlen = BN_num_bytes (Ij);
                         /* If more than 2^(v*8) - 1 cut off MSB */
                         if (Ijlen > v) {
-                                BN_bn2bin (Ij, B);
+                                if (!BN_bn2bin (Ij, B))
+                                        goto err;
                                 memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
                         /* If less than v bytes pad with zeroes */
                         } else if (Ijlen < v) {
                                 memset(I + j, 0, v - Ijlen);
-                                BN_bn2bin(Ij, I + j + v - Ijlen); 
+                                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
+                                        goto err;
 #endif
-                        } else BN_bn2bin (Ij, I + j);
+                        } else if (!BN_bn2bin (Ij, I + j))
+                                goto err;
                 }
         }
 
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index fcdd3f2a84..aee1c30b0a 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -123,10 +123,10 @@
 
 #include "e_os.h"
 
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#include <openssl/crypto.h>
 #include <openssl/err.h>
 
 #ifdef BN_DEBUG
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
         EVP_MD_CTX m;
         int do_not_lock;
 
+        if (!num)
+                return;
+
         /*
          * (Based on the rand(3) manpage)
          *
@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
          * are fed into the hash function and the results are kept in the
          * global 'md'.
          */
-
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        /* NB: in FIPS mode we are already under a lock */
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
         /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
         CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
         /* before unlocking, we must clear 'crypto_lock_rand' */
         crypto_lock_rand = 0;
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         while (num > 0)
                 {
@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
         MD_Init(&m);
         MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
         MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
         MD_Update(&m,md,MD_DIGEST_LENGTH);
         MD_Final(&m,md);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         EVP_MD_CTX_cleanup(&m);
         if (ok)
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index dc8fcf94c5..bb5520e80a 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 
 /* Reason codes. */
+#define RAND_R_DUAL_EC_DRBG_DISABLED                     104
 #define RAND_R_ERROR_INITIALISING_DRBG                   102
 #define RAND_R_ERROR_INSTANTIATING_DRBG                  103
 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index b8586c8f4a..c4c80fc8cc 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 
 static ERR_STRING_DATA RAND_str_reasons[]=
         {
+{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
 {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index daf1dab973..5ac0e14caf 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
         {
-        OPENSSL_cleanse(out, olen);
-        OPENSSL_free(out);
+        if (out)
+                {
+                OPENSSL_cleanse(out, olen);
+                OPENSSL_free(out);
+                }
         }
 
 /* Set "additional input" when generating random data. This uses the
@@ -266,6 +269,14 @@ int RAND_init_fips(void)
         DRBG_CTX *dctx;
         size_t plen;
         unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+        if (fips_drbg_type >> 16)
+                {
+                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+                return 0;
+                }
+#endif
+                
         dctx = FIPS_get_default_drbg();
         if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
                 {
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 5d134e186b..34ffcd23f9 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -750,7 +750,7 @@ static void readscreen(void)
   int           y;              /* y-coordinate of screen lines to grab */
   int           n = 16;         /* number of screen lines to grab at a time */
 
-  if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
+  if (check_winnt() && OPENSSL_isservice()>0)
     return;
 
   /* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 030e07f418..7f1428072d 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -57,7 +57,9 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#if !defined(OPENSSL_SYS_VXWORKS)
 #define _XOPEN_SOURCE 500
+#endif
 
 #include <errno.h>
 #include <stdio.h>
diff --git a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
index d6eac205e9..75750dbf33 100755
--- a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
@@ -112,7 +112,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $dat="%rdi";        # arg1
 $len="%rsi";        # arg2
diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
index 633a79e758..4312605ccb 100644
--- a/src/lib/libcrypto/rc4/rc4test.c
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -120,6 +120,12 @@ int main(int argc, char *argv[])
         RC4_KEY key;
         unsigned char obuf[512];
 
+#if !defined(OPENSSL_PIC)
+        void OPENSSL_cpuid_setup(void);
+
+        OPENSSL_cpuid_setup();
+#endif
+
         for (i=0; i<6; i++)
                 {
                 RC4_set_key(&key,keys[i][0],&(keys[i][1]));
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c
index 9ff1a0705e..d8e72da51b 100644
--- a/src/lib/libcrypto/ripemd/rmd_dgst.c
+++ b/src/lib/libcrypto/ripemd/rmd_dgst.c
@@ -88,7 +88,7 @@ fips_md_init(RIPEMD160)
 void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
         {
         const unsigned char *data=p;
-        register volatile unsigned MD32_REG_T A,B,C,D,E;
+        register unsigned MD32_REG_T A,B,C,D,E;
         unsigned MD32_REG_T a,b,c,d,e,l;
 #ifndef MD32_XARRAY
         /* See comment in crypto/sha/sha_locl.h for details. */
@@ -105,21 +105,21 @@ void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
 
         A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 
-        HOST_c2l(data,l); X( 0)=l;      HOST_c2l(data,l); X( 1)=l;
-        RIP1(A,B,C,D,E,WL00,SL00);      HOST_c2l(data,l); X( 2)=l;
-        RIP1(E,A,B,C,D,WL01,SL01);      HOST_c2l(data,l); X( 3)=l;
-        RIP1(D,E,A,B,C,WL02,SL02);      HOST_c2l(data,l); X( 4)=l;
-        RIP1(C,D,E,A,B,WL03,SL03);      HOST_c2l(data,l); X( 5)=l;
-        RIP1(B,C,D,E,A,WL04,SL04);      HOST_c2l(data,l); X( 6)=l;
-        RIP1(A,B,C,D,E,WL05,SL05);      HOST_c2l(data,l); X( 7)=l;
-        RIP1(E,A,B,C,D,WL06,SL06);      HOST_c2l(data,l); X( 8)=l;
-        RIP1(D,E,A,B,C,WL07,SL07);      HOST_c2l(data,l); X( 9)=l;
-        RIP1(C,D,E,A,B,WL08,SL08);      HOST_c2l(data,l); X(10)=l;
-        RIP1(B,C,D,E,A,WL09,SL09);      HOST_c2l(data,l); X(11)=l;
-        RIP1(A,B,C,D,E,WL10,SL10);      HOST_c2l(data,l); X(12)=l;
-        RIP1(E,A,B,C,D,WL11,SL11);      HOST_c2l(data,l); X(13)=l;
-        RIP1(D,E,A,B,C,WL12,SL12);      HOST_c2l(data,l); X(14)=l;
-        RIP1(C,D,E,A,B,WL13,SL13);      HOST_c2l(data,l); X(15)=l;
+        (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l;
+        RIP1(A,B,C,D,E,WL00,SL00);      (void)HOST_c2l(data,l); X( 2)=l;
+        RIP1(E,A,B,C,D,WL01,SL01);      (void)HOST_c2l(data,l); X( 3)=l;
+        RIP1(D,E,A,B,C,WL02,SL02);      (void)HOST_c2l(data,l); X( 4)=l;
+        RIP1(C,D,E,A,B,WL03,SL03);      (void)HOST_c2l(data,l); X( 5)=l;
+        RIP1(B,C,D,E,A,WL04,SL04);      (void)HOST_c2l(data,l); X( 6)=l;
+        RIP1(A,B,C,D,E,WL05,SL05);      (void)HOST_c2l(data,l); X( 7)=l;
+        RIP1(E,A,B,C,D,WL06,SL06);      (void)HOST_c2l(data,l); X( 8)=l;
+        RIP1(D,E,A,B,C,WL07,SL07);      (void)HOST_c2l(data,l); X( 9)=l;
+        RIP1(C,D,E,A,B,WL08,SL08);      (void)HOST_c2l(data,l); X(10)=l;
+        RIP1(B,C,D,E,A,WL09,SL09);      (void)HOST_c2l(data,l); X(11)=l;
+        RIP1(A,B,C,D,E,WL10,SL10);      (void)HOST_c2l(data,l); X(12)=l;
+        RIP1(E,A,B,C,D,WL11,SL11);      (void)HOST_c2l(data,l); X(13)=l;
+        RIP1(D,E,A,B,C,WL12,SL12);      (void)HOST_c2l(data,l); X(14)=l;
+        RIP1(C,D,E,A,B,WL13,SL13);      (void)HOST_c2l(data,l); X(15)=l;
         RIP1(B,C,D,E,A,WL14,SL14);
         RIP1(A,B,C,D,E,WL15,SL15);
 
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h
index f14b346e66..2bd8957d14 100644
--- a/src/lib/libcrypto/ripemd/rmd_locl.h
+++ b/src/lib/libcrypto/ripemd/rmd_locl.h
@@ -88,11 +88,11 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              RIPEMD160_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
-        ll=(c)->E; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->E; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 4814a2fc15..5f269e577a 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -280,7 +280,7 @@ struct rsa_st
 
 RSA *   RSA_new(void);
 RSA *   RSA_new_method(ENGINE *engine);
-int     RSA_size(const RSA *);
+int     RSA_size(const RSA *rsa);
 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index 9d848db8c6..cc30e77132 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -59,6 +59,12 @@ int RSA_check_key(const RSA *key)
         BN_CTX *ctx;
         int r;
         int ret=1;
+
+        if (!key->p || !key->q || !key->n || !key->e || !key->d)
+                {
+                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+                return 0;
+                }
         
         i = BN_new();
         j = BN_new();
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 2e1ddd48d3..88ee2cb557 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
         /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
+         * adding 'p' if r0 is negative above to leave the result still
          * negative. This can break the private key operations: the following
          * second correction should *always* correct this rare occurrence.
          * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
+         * they ensure p > q [steve]
+         */
         if (BN_is_negative(r0))
                 if (!BN_add(r0,r0,rsa->p)) goto err;
         if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index e08ac151ff..af4d24a56e 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -149,7 +149,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
         if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
                 return -1;
 
-        if (timingsafe_bcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+        if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                 goto decoding_err;
         else
                 {
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
index 2eb2b7af99..6d191d3936 100644
--- a/src/lib/libcrypto/sha/Makefile
+++ b/src/lib/libcrypto/sha/Makefile
@@ -60,9 +60,7 @@ sha256-armv4.S: asm/sha256-armv4.pl
         $(PERL) $< $(PERLASM_SCHEME) $@
 
 sha1-alpha.s:   asm/sha1-alpha.pl
-        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
-        $(PERL) asm/sha1-alpha.pl > $$preproc && \
-        $(CC) -E $$preproc > $@ && rm $$preproc)
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 
 # Solaris make has to be explicitly told
 sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
index 7c65b60276..c56ec94020 100644
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/sha.h>
 #include <openssl/crypto.h>
+#include <openssl/sha.h>
 
 #ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
index 81219af088..a98690225f 100644
--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_0
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
index c946ad827d..fb63b17ff2 100644
--- a/src/lib/libcrypto/sha/sha_dgst.c
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_1
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
index 7a0c3ca8d8..d673255f78 100644
--- a/src/lib/libcrypto/sha/sha_locl.h
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -69,11 +69,11 @@
 #define HASH_CBLOCK             SHA_CBLOCK
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->h0; HOST_l2c(ll,(s));   \
-        ll=(c)->h1; HOST_l2c(ll,(s));   \
-        ll=(c)->h2; HOST_l2c(ll,(s));   \
-        ll=(c)->h3; HOST_l2c(ll,(s));   \
-        ll=(c)->h4; HOST_l2c(ll,(s));   \
+        ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
         } while (0)
 
 #if defined(SHA_0)
@@ -256,21 +256,21 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
                 }
         else
                 {
-                HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
-                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
-                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
-                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
-                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
-                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
-                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
-                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
-                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
-                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
-                BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
-                BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
-                BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
-                BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
+                (void)HOST_c2l(data,l); X( 0)=l;        (void)HOST_c2l(data,l); X( 1)=l;
+                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       (void)HOST_c2l(data,l); X( 2)=l;
+                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       (void)HOST_c2l(data,l); X( 3)=l;
+                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       (void)HOST_c2l(data,l); X( 4)=l;
+                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       (void)HOST_c2l(data,l); X( 5)=l;
+                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       (void)HOST_c2l(data,l); X( 6)=l;
+                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       (void)HOST_c2l(data,l); X( 7)=l;
+                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       (void)HOST_c2l(data,l); X( 8)=l;
+                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       (void)HOST_c2l(data,l); X( 9)=l;
+                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       (void)HOST_c2l(data,l); X(10)=l;
+                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       (void)HOST_c2l(data,l); X(11)=l;
+                BODY_00_15(10,C,D,E,T,A,B,X(10));       (void)HOST_c2l(data,l); X(12)=l;
+                BODY_00_15(11,B,C,D,E,T,A,X(11));       (void)HOST_c2l(data,l); X(13)=l;
+                BODY_00_15(12,A,B,C,D,E,T,X(12));       (void)HOST_c2l(data,l); X(14)=l;
+                BODY_00_15(13,T,A,B,C,D,E,X(13));       (void)HOST_c2l(data,l); X(15)=l;
                 BODY_00_15(14,E,T,A,B,C,D,X(14));
                 BODY_00_15(15,D,E,T,A,B,C,X(15));
                 }
diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h
index 403f592dcd..bd2f000d59 100644
--- a/src/lib/libcrypto/symhacks.h
+++ b/src/lib/libcrypto/symhacks.h
@@ -193,17 +193,23 @@
 #undef SSL_CTX_set_srp_username_callback
 #define SSL_CTX_set_srp_username_callback       SSL_CTX_set_srp_un_cb
 #undef ssl_add_clienthello_use_srtp_ext
-#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
+#define ssl_add_clienthello_use_srtp_ext        ssl_add_clihello_use_srtp_ext
 #undef ssl_add_serverhello_use_srtp_ext
-#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
+#define ssl_add_serverhello_use_srtp_ext        ssl_add_serhello_use_srtp_ext
 #undef ssl_parse_clienthello_use_srtp_ext
-#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
+#define ssl_parse_clienthello_use_srtp_ext      ssl_parse_clihello_use_srtp_ext
 #undef ssl_parse_serverhello_use_srtp_ext
-#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
+#define ssl_parse_serverhello_use_srtp_ext      ssl_parse_serhello_use_srtp_ext
 #undef SSL_CTX_set_next_protos_advertised_cb
-#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
+#define SSL_CTX_set_next_protos_advertised_cb   SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
-#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#define SSL_CTX_set_next_proto_select_cb        SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
@@ -316,8 +322,6 @@
 #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #undef ec_GFp_simple_points_make_affine
 #define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
 #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
                                                 ec_GFp_smp_set_Jproj_coords_GFp
diff --git a/src/lib/libcrypto/threads/pthreads-vms.com b/src/lib/libcrypto/threads/pthreads-vms.com
deleted file mode 100644
index 1cf92bdf57..0000000000
--- a/src/lib/libcrypto/threads/pthreads-vms.com
+++ /dev/null
@@ -1,14 +0,0 @@
-$! To compile mttest on VMS.
-$!
-$! WARNING: only tested with DEC C so far.
-$
-$ if (f$getsyi("cpu").lt.128)
-$ then
-$     arch := VAX
-$ else
-$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$     if (arch .eqs. "") then arch = "UNK"
-$ endif
-$ define/user openssl [--.include.openssl]
-$ cc/def=PTHREADS mttest.c
-$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
index e319faa47b..a38c7581e6 100644
--- a/src/lib/libcrypto/ui/ui_openssl.c
+++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -122,9 +122,15 @@
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */
+#if defined(OPENSSL_SYSNAME_VXWORKS)
+#include <sys/types.h>
+#endif
+
 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 2
 #endif
+#endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -398,8 +404,8 @@ static int read_till_nl(FILE *in)
         char buf[SIZE+1];
 
         do      {
-                if (fgets(buf,sizeof(buf),in) == NULL)
-                        break;
+                if (!fgets(buf,SIZE,in))
+                        return 0;
                 } while (strchr(buf,'\n') == NULL);
         return 1;
         }
diff --git a/src/lib/libcrypto/util/deltree.com b/src/lib/libcrypto/util/deltree.com
deleted file mode 100644
index 9f36b1a5e9..0000000000
--- a/src/lib/libcrypto/util/deltree.com
+++ /dev/null
@@ -1,34 +0,0 @@
-$! DELTREE.COM
-$
-$ call deltree 'p1'
-$ exit $status
-$
-$ deltree: subroutine ! P1 is a name of a directory
-$       on control_y then goto dt_STOP
-$       on warning then goto dt_exit
-$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
-$       if f$parse(p1) .eqs. "" then exit
-$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
-$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
-$       _fp = f$parse(".DIR",p1)
-$ dt_loop:
-$       _f = f$search(_fp)
-$       if _f .eqs. "" then goto dt_loopend
-$       call deltree [.'f$parse(_f,,,"NAME")']*.*
-$       goto dt_loop
-$ dt_loopend:
-$       _fp = f$parse(p1,".;*")
-$       if f$search(_fp) .eqs. "" then goto dt_exit
-$       set noon
-$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
-$       set on
-$       delete/nolog '_fp'
-$ dt_exit:
-$       set default '_dt_def'
-$       goto dt_end
-$ dt_STOP:
-$       set default '_dt_def'
-$       stop/id=""
-$       exit
-$ dt_end:
-$       endsubroutine
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 93f80ba0c6..aa86b2b8b1 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -3510,6 +3510,8 @@ BIO_get_callback_arg                    3902	EXIST::FUNCTION:
 BIO_set_callback                        3903    EXIST::FUNCTION:
 d2i_ASIdOrRange                         3904    EXIST::FUNCTION:RFC3779
 i2d_ASIdentifiers                       3905    EXIST::FUNCTION:RFC3779
+CRYPTO_memcmp                           3906    EXIST::FUNCTION:
+BN_consttime_swap                       3907    EXIST::FUNCTION:
 SEED_decrypt                            3908    EXIST::FUNCTION:SEED
 SEED_encrypt                            3909    EXIST::FUNCTION:SEED
 SEED_cbc_encrypt                        3910    EXIST::FUNCTION:SEED
@@ -3687,7 +3689,7 @@ FIPS_dh_new                             4073	NOEXIST::FUNCTION:
 FIPS_corrupt_dsa_keygen                 4074    NOEXIST::FUNCTION:
 FIPS_dh_free                            4075    NOEXIST::FUNCTION:
 fips_pkey_signature_test                4076    NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077    NOEXIST::FUNCTION:
+EVP_add_alg_module                      4077    EXIST::FUNCTION:
 int_RAND_init_engine_callbacks          4078    NOEXIST::FUNCTION:
 int_EVP_CIPHER_set_engine_callbacks     4079    NOEXIST::FUNCTION:
 int_EVP_MD_init_engine_callbacks        4080    NOEXIST::FUNCTION:
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index 458f830401..72fa089f6b 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -1222,7 +1222,7 @@ sub read_options
                                 }
                         }
                 }
-        elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; }
+        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
         elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
         elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
                 { $c_flags.="$_ "; }
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
index 1f1e13fb40..b41bb45e82 100644
--- a/src/lib/libcrypto/util/pl/BC-32.pl
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -38,7 +38,7 @@ $efile="";
 $exep='.exe';
 if ($no_sock)
         { $ex_libs=""; }
-else    { $ex_libs="cw32mt.lib import32.lib"; }
+else    { $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; }
 
 # static library stuff
 $mklib='tlib /P64';
@@ -51,8 +51,8 @@ $lfile='';
 $shlib_ex_obj="";
 $app_ex_obj="c0x32.obj"; 
 
-$asm='nasmw -f obj -d__omf__';
-$asm.=" /Zi" if $debug;
+$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__";
+$asm.=" -g" if $debug;
 $afile='-o';
 
 $bn_mulw_obj='';
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index c503bd52b9..3705fc73b7 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -27,6 +27,8 @@ $zlib_lib="zlib1.lib";
 $l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
 $l_flags =~ s/-L(\S+)/\/libpath:$1/g;
 
+my $ff = "";
+
 # C compiler stuff
 $cc='cl';
 if ($FLAVOR =~ /WIN64/)
@@ -118,7 +120,7 @@ elsif ($FLAVOR =~ /CE/)
     $base_cflags.=' -I$(WCECOMPAT)/include'             if (defined($ENV{'WCECOMPAT'}));
     $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'}));
     $opt_cflags=' /MC /O1i';    # optimize for space, but with intrinsics...
-    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
+    $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /opt:ref $wcelflag";
     }
 else    # Win32
@@ -126,6 +128,7 @@ else	# Win32
     $base_cflags= " $mf_cflag";
     my $f = $shlib || $fips ?' /MD':' /MT';
     $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
+    $ff = "/fixed";
     $opt_cflags=$f.' /Ox /O2 /Ob2';
     $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /subsystem:console /opt:ref";
@@ -318,7 +321,7 @@ sub do_lib_rule
                         $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
                         $ret.="\tSET FIPS_TARGET=$target\n";
                         $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
+                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target ";
                         $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
                         $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
                         }
@@ -355,7 +358,7 @@ sub do_link_rule
                 $ret.="\tSET FIPS_TARGET=$target\n";
                 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
                 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
+                $ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n";
                 $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
                 }
         else
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 27ca5150c1..c6602dae4f 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 
         s=dir;
         p=s;
-        for (;;p++)
+        do
                 {
                 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
                         {
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                                 return 0;
                                 }
                         }
-                if (*p == '\0')
-                        break;
-                }
+                } while (*p++ != '\0');
         return 1;
         }
 
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 7c2aaee2e9..352aa37434 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -86,10 +86,9 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 
         EVP_MD_CTX_init(&ctx);
         f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-        ret=strlen(f);
         if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                 goto err;
-        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
                 goto err;
         OPENSSL_free(f);
         if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
@@ -249,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
         i2d_X509_NAME(x,NULL);
         EVP_MD_CTX_init(&md_ctx);
         EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-        EVP_DigestFinal_ex(&md_ctx,md,NULL);
+        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+            && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+            && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+                ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                     )&0xffffffffL;
         EVP_MD_CTX_cleanup(&md_ctx);
 
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                )&0xffffffffL;
         return(ret);
         }
 #endif
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index b0779db023..920066aeba 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         X509_CRL *crl = NULL, *dcrl = NULL;
         X509 *x;
         int ok, cnum;
+        unsigned int last_reasons;
         cnum = ctx->error_depth;
         x = sk_X509_value(ctx->chain, cnum);
         ctx->current_cert = x;
@@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         ctx->current_reasons = 0;
         while (ctx->current_reasons != CRLDP_ALL_REASONS)
                 {
+                last_reasons = ctx->current_reasons;
                 /* Try to retrieve relevant CRL */
                 if (ctx->get_crl)
                         ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx)
                 X509_CRL_free(dcrl);
                 crl = NULL;
                 dcrl = NULL;
+                /* If reasons not updated we wont get anywhere by
+                 * another iteration, so exit loop.
+                 */
+                if (last_reasons == ctx->current_reasons)
+                        {
+                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                        ok = ctx->verify_cb(0, ctx);
+                        goto err;
+                        }
                 }
         err:
         X509_CRL_free(crl);
@@ -872,7 +883,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         {
         ASN1_OCTET_STRING *exta, *extb;
         int i;
-        i = X509_CRL_get_ext_by_NID(a, nid, 0);
+        i = X509_CRL_get_ext_by_NID(a, nid, -1);
         if (i >= 0)
                 {
                 /* Can't have multiple occurrences */
@@ -883,7 +894,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         else
                 exta = NULL;
 
-        i = X509_CRL_get_ext_by_NID(b, nid, 0);
+        i = X509_CRL_get_ext_by_NID(b, nid, -1);
 
         if (i >= 0)
                 {
@@ -1451,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
          * a certificate was revoked. This has since been changed since 
          * critical extension can change the meaning of CRL entries.
          */
-        if (crl->flags & EXFLAG_CRITICAL)
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                && (crl->flags & EXFLAG_CRITICAL))
                 {
-                if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                        return 1;
                 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
                 ok = ctx->verify_cb(0, ctx);
                 if(!ok)
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index b94aeeb873..e06602d65a 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
         {
+        x->cert_info->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                 x->cert_info->signature,
                 x->sig_alg, x->signature, x->cert_info, ctx);
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
         {
+        x->crl->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
                 x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
         }
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 181bd34979..ad688657e0 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -474,11 +474,11 @@ static void x509v3_cache_extensions(X509 *x)
         for (i = 0; i < X509_get_ext_count(x); i++)
                 {
                 ex = X509_get_ext(x, i);
-                if (!X509_EXTENSION_get_critical(ex))
-                        continue;
                 if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
                                         == NID_freshest_crl)
                         x->ex_flags |= EXFLAG_FRESHEST;
+                if (!X509_EXTENSION_get_critical(ex))
+                        continue;
                 if (!X509_supported_extension(ex))
                         {
                         x->ex_flags |= EXFLAG_CRITICAL;
diff --git a/src/lib/libcrypto/x86_64cpuid.pl b/src/lib/libcrypto/x86_64cpuid.pl
index 7b7b93b223..6ebfd017ea 100644
--- a/src/lib/libcrypto/x86_64cpuid.pl
+++ b/src/lib/libcrypto/x86_64cpuid.pl
@@ -11,7 +11,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
                                  ("%rdi","%rsi","%rdx","%rcx"); # Unix order