466 files changed, 3284 insertions, 35459 deletions

diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index 48fa857d5b..34cbb5d844 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -36,7 +36,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $verticalspin=1;        # unlike 32-bit version $verticalspin performs
                         # ~15% better on both AMD and Intel cores
diff --git a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
index 499f3b3f42..0dbb194b8d 100644
--- a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
@@ -172,7 +172,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $movkey = $PREFIX eq "aesni" ? "movups" : "movups";
 @_4args=$win64? ("%rcx","%rdx","%r8", "%r9") :  # Win64 order
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index ad0d2506f6..297c45a9ff 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
         int pad=0,ret,i,neg;
         unsigned char *p,*n,pb=0;
 
-        if ((a == NULL) || (a->data == NULL)) return(0);
+        if (a == NULL) return(0);
         neg=a->type & V_ASN1_NEG;
         if (a->length == 0)
                 ret=1;
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index 264ebf2393..ead37ac325 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
         if(mbflag == -1) return -1;
         mbflag |= MBSTRING_FLAG;
         stmp.data = NULL;
+        stmp.length = 0;
         ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
         if(ret < 0) return ret;
         *out = stmp.data;
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index 1a30bf119b..aa60203ba8 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
 {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unknown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 627ec87f9f..b649e1fcf9 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -175,12 +175,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
         if (key->pkey)
                 {
+                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
                 EVP_PKEY_free(ret);
                 ret = key->pkey;
                 }
         else
+                {
                 key->pkey = ret;
-        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                }
         CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
         return ret;
diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c
index 1b1e4bec81..54c012c47d 100644
--- a/src/lib/libcrypto/bio/bss_dgram.c
+++ b/src/lib/libcrypto/bio/bss_dgram.c
@@ -77,10 +77,20 @@
 #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
 #endif
 
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
 #define IP_MTU      14 /* linux is lame */
 #endif
 
+#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead
@@ -255,7 +265,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
         {
 #if defined(SO_RCVTIMEO)
         bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-        int sz = sizeof(int);
+        union { size_t s; int i; } sz = {0};
 
         /* Is a timer active? */
         if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
@@ -265,8 +275,10 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                 /* Read current socket timeout */
 #ifdef OPENSSL_SYS_WINDOWS
                 int timeout;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                                           (void*)&timeout, &sz) < 0)
+                                           (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); }
                 else
                         {
@@ -274,9 +286,12 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                         data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
                         }
 #else
+                sz.i = sizeof(data->socket_timeout);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
                                                 &(data->socket_timeout), (void *)&sz) < 0)
                         { perror("getsockopt"); }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        OPENSSL_assert(sz.s<=sizeof(data->socket_timeout));
 #endif
 
                 /* Get current time */
@@ -445,11 +460,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         int *ip;
         struct sockaddr *to = NULL;
         bio_dgram_data *data = NULL;
-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
-        long sockopt_val = 0;
-        unsigned int sockopt_len = 0;
-#endif
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+        int sockopt_val = 0;
+        socklen_t sockopt_len;  /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
         socklen_t addr_len;
         union   {
                 struct sockaddr sa;
@@ -531,7 +545,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
                 /* (Linux)kernel sets DF bit on outgoing IP packets */
         case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -539,7 +553,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         ret = 0;
                         break;
                         }
-                sockopt_len = sizeof(sockopt_val);
                 switch (addr.sa.sa_family)
                         {
                 case AF_INET:
@@ -548,7 +561,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                 &sockopt_val, sizeof(sockopt_val))) < 0)
                                 perror("setsockopt");
                         break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
                 case AF_INET6:
                         sockopt_val = IPV6_PMTUDISC_DO;
                         if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
@@ -565,7 +578,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
 #endif
         case BIO_CTRL_DGRAM_QUERY_MTU:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -727,12 +740,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -740,12 +756,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
 #if defined(SO_SNDTIMEO)
@@ -765,12 +789,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -778,12 +805,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
         case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
@@ -871,8 +906,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
         memset(authchunks, 0, sizeof(sockopt_len));
         ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
         OPENSSL_assert(ret >= 0);
-        
-        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+
+        for (p = (unsigned char*) authchunks->gauth_chunks;
              p < (unsigned char*) authchunks + sockopt_len;
              p += sizeof(uint8_t))
                 {
@@ -955,7 +990,6 @@ static int dgram_sctp_free(BIO *a)
 #ifdef SCTP_AUTHENTICATION_EVENT
 void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
         {
-        unsigned int sockopt_len = 0;
         int ret;
         struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event;
 
@@ -965,9 +999,8 @@ void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
 
                 /* delete key */
                 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
-                sockopt_len = sizeof(struct sctp_authkeyid);
                 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-                      &authkeyid, sockopt_len);
+                      &authkeyid, sizeof(struct sctp_authkeyid));
                 }
         }
 #endif
@@ -1164,7 +1197,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                         ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
                         OPENSSL_assert(ii >= 0);
 
-                        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+                        for (p = (unsigned char*) authchunks->gauth_chunks;
                                  p < (unsigned char*) authchunks + optlen;
                                  p += sizeof(uint8_t))
                                 {
@@ -1298,7 +1331,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
         bio_dgram_sctp_data *data = NULL;
-        unsigned int sockopt_len = 0;
+        socklen_t sockopt_len = 0;
         struct sctp_authkeyid authkeyid;
         struct sctp_authkey *authkey;
 
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
index b7dce5c1a2..2227b2b52d 100644
--- a/src/lib/libcrypto/bio/bss_log.c
+++ b/src/lib/libcrypto/bio/bss_log.c
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
-        if (GetVersion() < 0x80000000)
+        if (check_winnt())
                 bp->ptr = RegisterEventSourceA(NULL,name);
         else
                 bp->ptr = NULL;
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index f34248ec4f..21a1a3fe35 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
         const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
+void    BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 
 #define bn_fix_top(a)           bn_check_top(a)
 
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+        } while(0)
+
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)           bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 
 #endif
 
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 52b3304293..7b2403185e 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -141,6 +141,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *
     *                                   <appro@fy.chalmers.se>
     */
+#undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divl   %4"                     \
@@ -155,6 +156,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     * Same story here, but it's 128-bit by 64-bit division. Wow!
     *                                   <appro@fy.chalmers.se>
     */
+#  undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divq   %4"                     \
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index 4a352119ba..a808f53178 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -205,6 +205,7 @@ err:
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
 BIGNUM *BN_mod_inverse(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
         {
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index eecfd8cc99..817c773b65 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -282,16 +282,23 @@ extern "C" {
 #  endif
 # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)   ({      \
+#   if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
+#     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#     define BN_UMULT_LOHI(low,high,a,b) ({     \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;       })
+#   else
+#     define BN_UMULT_HIGH(a,b) ({      \
         register BN_ULONG ret;          \
         asm ("dmultu    %1,%2"          \
              : "=h"(ret)                \
              : "r"(a), "r"(b) : "l");   \
         ret;                    })
-#   define BN_UMULT_LOHI(low,high,a,b)  \
+#     define BN_UMULT_LOHI(low,high,a,b)\
         asm ("dmultu    %2,%3"          \
              : "=l"(low),"=h"(high)     \
              : "r"(a), "r"(b));
+#    endif
 #  endif
 # endif         /* cpu */
 #endif          /* OPENSSL_NO_ASM */
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 7a5676de69..5461e6ee7d 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
                 }
         return bn_cmp_words(a,b,cl);
         }
+
+/* 
+ * Constant-time conditional swap of a and b.  
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+        {
+        BN_ULONG t;
+        int i;
+
+        bn_wcheck_size(a, nwords);
+        bn_wcheck_size(b, nwords);
+
+        assert(a != b);
+        assert((condition & (condition - 1)) == 0);
+        assert(sizeof(BN_ULONG) >= sizeof(int));
+
+        condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+        t = (a->top^b->top) & condition;
+        a->top ^= t;
+        b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+        do { \
+                t = (a->d[ind] ^ b->d[ind]) & condition; \
+                a->d[ind] ^= t; \
+                b->d[ind] ^= t; \
+        } while (0)
+
+
+        switch (nwords) {
+        default:
+                for (i = 10; i < nwords; i++) 
+                        BN_CONSTTIME_SWAP(i);
+                /* Fallthrough */
+        case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+        case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+        case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+        case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+        case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+        case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+        case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+        case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+        case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+        case 1: BN_CONSTTIME_SWAP(0);
+        }
+#undef BN_CONSTTIME_SWAP
+}
diff --git a/src/lib/libcrypto/bn/bn_nist.c b/src/lib/libcrypto/bn/bn_nist.c
index 43caee4770..e22968d4a3 100644
--- a/src/lib/libcrypto/bn/bn_nist.c
+++ b/src/lib/libcrypto/bn/bn_nist.c
@@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void)
         }
 
 
-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
+static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
         {
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
 
 #ifdef BN_DEBUG
         OPENSSL_assert(top <= max);
 #endif
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
-        for (i = (max) - (top); i != 0; i--)
-                *_tmp1++ = (BN_ULONG) 0;
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
+        for (; i < max; i++)
+                dst[i] = 0;
         }
 
-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
         { 
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
+
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
         }
 
 #if BN_BITS2 == 64
@@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
          */
         mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
+        res   = c_d;
         res   = (BN_ULONG *)
-         (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
+         (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_192_TOP);
         r->top = BN_NIST_192_TOP;
         bn_correct_top(r);
@@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         int     top = a->top, i;
         int     carry;
         BN_ULONG *r_d, *a_d = a->d;
-        BN_ULONG buf[BN_NIST_224_TOP],
-                 c_d[BN_NIST_224_TOP],
+        union   {
+                BN_ULONG        bn[BN_NIST_224_TOP];
+                unsigned int    ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+                } buf;
+        BN_ULONG c_d[BN_NIST_224_TOP],
                 *res;
         PTR_SIZE_INT mask;
         union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* copy upper 256 bits of 448 bit number ... */
         nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
         /* ... and right shift by 32 to obtain upper 224 bits */
-        nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
+        nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
         /* truncate lower part to 224 bits too */
         r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
-        nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+        nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
 
 #if defined(NIST_INT64) && BN_BITS2!=64
         {
         NIST_INT64              acc;    /* accumulator */
         unsigned int            *rp=(unsigned int *)r_d;
-        const unsigned int      *bp=(const unsigned int *)buf;
+        const unsigned int      *bp=(const unsigned int *)buf.ui;
 
         acc  = rp[0];   acc -= bp[7-7];
                         acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
@@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         {
         BN_ULONG t_d[BN_NIST_224_TOP];
 
-        nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
         carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
         carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
 #if BN_BITS2==64
@@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* otherwise it's effectively same as in BN_nist_mod_192... */
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_224_TOP);
         r->top = BN_NIST_224_TOP;
@@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_256_TOP);
         r->top = BN_NIST_256_TOP;
@@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_384_TOP);
         r->top = BN_NIST_384_TOP;
@@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
         mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-        res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+        res  = t_d;
+        res  = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d,res,BN_NIST_521_TOP);
         r->top = BN_NIST_521_TOP;
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
index d7aa79ad7f..d4a4ce43b3 100644
--- a/src/lib/libcrypto/buffer/buffer.c
+++ b/src/lib/libcrypto/buffer/buffer.c
@@ -179,14 +179,14 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         return(len);
         }
 
-void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
         {
         size_t i;
         if (in)
                 {
                 out += size - 1;
                 for (i = 0; i < size; i++)
-                        *in++ = *out--;
+                        *out-- = *in++;
                 }
         else
                 {
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h
index 178e418282..f8da32b485 100644
--- a/src/lib/libcrypto/buffer/buffer.h
+++ b/src/lib/libcrypto/buffer/buffer.h
@@ -88,7 +88,7 @@ int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *  BUF_strdup(const char *str);
 char *  BUF_strndup(const char *str, size_t siz);
 void *  BUF_memdup(const void *data, size_t siz);
-void    BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
+void    BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index 766ea8cac7..0b77d8b7d0 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -504,7 +504,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
         CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
 #else
         /* For everything else, default to using the address of 'errno' */
-        CRYPTO_THREADID_set_pointer(id, &errno);
+        CRYPTO_THREADID_set_pointer(id, (void*)&errno);
 #endif
         }
 
@@ -704,6 +704,7 @@ void OPENSSL_cpuid_setup(void)
     }
     else
         vec = OPENSSL_ia32_cpuid();
+
     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference
@@ -888,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+    if (check_winnt() && OPENSSL_isservice() > 0)
     {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
         const TCHAR *pmsg=buf;
         ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -924,3 +925,16 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
         }
 
 void *OPENSSL_stderr(void)      { return stderr; }
+
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+        {
+        size_t i;
+        const unsigned char *a = in_a;
+        const unsigned char *b = in_b;
+        unsigned char x = 0;
+
+        for (i = 0; i < len; i++)
+                x |= a[i] ^ b[i];
+
+        return x;
+        }
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
index 1761f6b668..d26f9630ea 100644
--- a/src/lib/libcrypto/cryptlib.h
+++ b/src/lib/libcrypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *,...);
+void OPENSSL_showfatal(const char *fmta,...);
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
deleted file mode 100644
index c280aa03a8..0000000000
--- a/src/lib/libcrypto/crypto-lib.com
+++ /dev/null
@@ -1,1516 +0,0 @@
-$!
-$!  CRYPTO-LIB.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!             Zoltan Arpadffy <arpadffy@polarhome.com>
-$!
-$!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
-$!  library for OpenSSL.  The "xxx" denotes the machine architecture, ALPHA,
-$!  IA64 or VAX.
-$!
-$!  It was re-written so it would try to determine what "C" compiler to use 
-$!  or you can specify which "C" compiler to use.
-$!
-$!  Specify the following as P1 to build just that part or ALL to just
-$!  build everything.
-$!
-$!      LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!      APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
-$!      ALL        To do both LIBRARY and APPS
-$!
-$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
-$!  information.
-$!
-$!  Specify which compiler at P3 to try to compile under.
-$!
-$!      VAXC       For VAX C.
-$!      DECC       For DEC C.
-$!      GNUC       For GNU C.
-$!
-$!  If you don't specify a compiler, it will try to determine which
-$!  "C" compiler to use.
-$!
-$!  P4, if defined, sets a TCP/IP library to use, through one of the following
-$!  keywords:
-$!
-$!      UCX        For UCX
-$!      TCPIP      For TCPIP (post UCX)
-$!      SOCKETSHR  For SOCKETSHR+NETLIB
-$!
-$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!  P6, if defined, sets a choice of crypto methods to compile.
-$!  WARNING: this should only be done to recompile some part of an already
-$!  fully compiled library.
-$!
-$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE)
-$!      32       Compile with /POINTER_SIZE=32 (SHORT)
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That Is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX
-$!
-$   ARCH = "VAX"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Define The Different Encryption Types.
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$!
-$ ET_WHIRLPOOL = "WHRLPOOL"
-$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
-$ ENCRYPT_TYPES = "Basic,"+ -
-                  "OBJECTS,"+ -
-                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
-                  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
-                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
-                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
-                  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
-                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
-                  "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Define The OBJ and EXE Directories.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
-$!
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Define The CRYPTO-LIB We Are To Use.
-$!
-$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
-$!
-$! End The Library Check.
-$!
-$ ENDIF
-$!
-$! Build our options file for the application
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Define The Different Encryption "library" Strings.
-$!
-$ APPS_DES = "DES/DES,CBC3_ENC"
-$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
-$
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
-        "ebcdic,uid,o_time,o_str,o_dir,o_fips.c,o_init,fips_ers"
-$ LIB_MD2 = "md2_dgst,md2_one"
-$ LIB_MD4 = "md4_dgst,md4_one"
-$ LIB_MD5 = "md5_dgst,md5_one"
-$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
-$ LIB_MDC2 = "mdc2dgst,mdc2_one"
-$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
-$ LIB_RIPEMD = "rmd_dgst,rmd_one"
-$ LIB_WHRLPOOL = "wp_dgst,wp_block"
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
-        "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
-        "enc_read,enc_writ,ofb64enc,"+ -
-        "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
-        "des_enc,fcrypt_b,"+ -
-        "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
-        "ede_cbcm_enc,des_old,des_old2,read2pwd"
-$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
-$ LIB_RC4 = "rc4_skey,rc4_enc,rc4_utl"
-$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
-$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
-$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
-$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
-$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
-        "cmll_cfb,cmll_ctr,cmll_utl"
-$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -
-        "ccm128,xts128"
-$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
-$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
-     LIB_BN_ASM = "bn_asm"
-$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
-        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
-        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
-        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
-        "bn_depr,bn_const,bn_x931p"
-$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
-        "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
-        "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ -
-        "ecp_nistp224,ecp_nistp256,ecp_nistp521,ecp_nistputil,"+ -
-        "ecp_oct,ec2_oct,ec_oct"
-$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
-        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-        "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ -
-        "rsa_pmeth,rsa_crpt"
-$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
-        "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
-$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
-$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
-        "dh_ameth,dh_pmeth,dh_prn"
-$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
-$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
-        "dso_openssl,dso_win32,dso_vms,dso_beos"
-$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
-        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
-        "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
-        "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
-        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ -
-        "eng_rsax,eng_rdrand"
-$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ -
-        "aes_ige,aes_wrap"
-$ LIB_BUFFER = "buffer,buf_str,buf_err"
-$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
-        "bss_mem,bss_null,bss_fd,"+ -
-        "bss_file,bss_sock,bss_conn,"+ -
-        "bf_null,bf_buff,b_print,b_dump,"+ -
-        "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
-        "bss_dgram,"+ -
-        "bf_lbuf"
-$ LIB_STACK = "stack"
-$ LIB_LHASH = "lhash,lh_stats"
-$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
-        "rand_vms"
-$ LIB_ERR = "err,err_all,err_prn"
-$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
-        "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
-        "e_rc4,e_aes,names,e_seed,"+ -
-        "e_xcbc_d,e_rc2,e_cast,e_rc5"
-$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
-        "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
-        "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
-        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
-        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
-        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
-$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,evp_fips,"+ -
-        "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5"
-$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
-        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
-        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
-        "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
-        "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
-        "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
-$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
-        "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
-        "tasn_prn,ameth_lib,"+ -
-        "f_int,f_string,n_pkey,"+ -
-        "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
-        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
-        "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
-$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
-        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
-$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
-        "x509_obj,x509_req,x509spki,x509_vfy,"+ -
-        "x509_set,x509cset,x509rset,x509_err,"+ -
-        "x509name,x509_v3,x509_ext,x509_att,"+ -
-        "x509type,x509_lu,x_all,x509_txt,"+ -
-        "x509_trs,by_file,by_dir,x509_vpm"
-$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
-        "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
-        "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
-        "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ -
-        "pcy_cache,pcy_node,pcy_data,pcy_map,pcy_tree,pcy_lib,"+ -
-        "v3_asid,v3_addr"
-$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
-$ LIB_TXT_DB = "txt_db"
-$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
-        "pk7_mime,bio_pk7"
-$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
-        "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
-        "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
-$ LIB_COMP = "comp_lib,comp_err,"+ -
-        "c_rle,c_zlib"
-$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
-        "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
-$ LIB_UI_COMPAT = ",ui_compat"
-$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
-$ LIB_KRB5 = "krb5_asn"
-$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
-        "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -
-        "cms_pwri"
-$ LIB_PQUEUE = "pqueue"
-$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
-        "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
-        "ts_asn1"
-$ LIB_JPAKE = "jpake,jpake_err"
-$ LIB_SRP = "srp_lib,srp_vfy"
-$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
-$ LIB_CMAC = "cmac,cm_ameth.c,cm_pmeth"
-$!
-$! Setup exceptional compilations
-$!
-$ CC3_SHOWN = 0
-$ CC4_SHOWN = 0
-$ CC5_SHOWN = 0
-$ CC6_SHOWN = 0
-$!
-$! The following lists must have leading and trailing commas, and no
-$! embedded spaces.  (They are scanned for ",name,".)
-$!
-$ ! Add definitions for no threads on OpenVMS 7.1 and higher.
-$ COMPILEWITH_CC3 = ",bss_rtcp,"
-$ ! Disable the DOLLARID warning.  Not needed with /STANDARD=RELAXED.
-$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir,"
-$ ! Disable disjoint optimization on VAX with DECC.
-$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
-                    "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
-$ ! Disable the MIXLINKAGE warning.
-$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key,"
-$!
-$! Figure Out What Other Modules We Are To Build.
-$!
-$ BUILD_SET:
-$!
-$! Define A Module Counter.
-$!
-$ MODULE_COUNTER = 0
-$!
-$! Top Of The Loop.
-$!
-$ MODULE_NEXT:
-$!
-$! Extract The Module Name From The Encryption List.
-$!
-$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
-$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
-$ MODULE_NAME1 = MODULE_NAME
-$!
-$! Check To See If We Are At The End Of The Module List.
-$!
-$ IF (MODULE_NAME.EQS.",") 
-$ THEN 
-$!
-$!  We Are At The End Of The Module List, Go To MODULE_DONE.
-$!
-$   GOTO MODULE_DONE
-$!
-$! End The Module List Check.
-$!
-$ ENDIF
-$!
-$! Increment The Moudle Counter.
-$!
-$ MODULE_COUNTER = MODULE_COUNTER + 1
-$!
-$! Create The Library and Apps Module Names.
-$!
-$ LIB_MODULE = "LIB_" + MODULE_NAME
-$ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
-$ THEN
-$   MODULE_NAME = "ASN1"
-$ ENDIF
-$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
-$ THEN
-$   MODULE_NAME = "EVP"
-$ ENDIF
-$!
-$! Set state (can be LIB and APPS)
-$!
-$ STATE = "LIB"
-$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
-$!
-$! Check if the library module name actually is defined
-$!
-$ IF F$TYPE('LIB_MODULE') .EQS. ""
-$ THEN
-$   WRITE SYS$ERROR ""
-$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
-$   WRITE SYS$ERROR ""
-$   GOTO MODULE_NEXT
-$ ENDIF
-$!
-$! Top Of The Module Loop.
-$!
-$ MODULE_AGAIN:
-$!
-$! Tell The User What Module We Are Building.
-$!
-$ IF (MODULE_NAME1.NES."") 
-$ THEN
-$   IF STATE .EQS. "LIB"
-$   THEN
-$     WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
-$   ELSE IF F$TYPE('APPS_MODULE') .NES. ""
-$     THEN
-$       WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$!  Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$ APPLICATION = ""
-$ APPLICATION_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! Look in the LIB_MODULE is we're in state LIB
-$!
-$ IF STATE .EQS. "LIB"
-$ THEN
-$!
-$!   O.K, Extract The File Name From The File List.
-$!
-$   FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
-$!
-$!   else
-$!
-$ ELSE
-$   FILE_NAME = ","
-$!
-$   IF F$TYPE('APPS_MODULE') .NES. ""
-$   THEN
-$!
-$!     Extract The File Name From The File List.
-$!     This part is a bit more complicated.
-$!
-$     IF APPLICATION .EQS. ""
-$     THEN
-$       APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$       APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$       APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$       APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$       FILE_COUNTER = 0
-$     ENDIF
-$
-$!     WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!     SHOW SYMBOL APPLICATION*
-$!
-$     IF APPLICATION .NES. ";"
-$     THEN
-$       FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
-$       IF FILE_NAME .EQS. ","
-$       THEN
-$         APPLICATION = ""
-$         GOTO NEXT_FILE
-$       ENDIF
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") 
-$ THEN 
-$!
-$!  We Are At The End Of The File List, Change State Or Goto FILE_DONE.
-$!
-$   IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
-$   THEN
-$     STATE = "APPS"
-$     GOTO MODULE_AGAIN
-$   ELSE
-$     GOTO FILE_DONE
-$   ENDIF
-$!
-$! End The File List Check.
-$!
-$ ENDIF
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
-$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
-$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
-        FILE_NAME = FILE_NAME + ".c"
-$ IF (MODULE_NAME.NES."")
-$ THEN
-$   SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
-$ ELSE
-$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
-$ ENDIF
-$ SOURCE_FILE = SOURCE_FILE - "]["
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Is Actually There.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Doesn't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   GOTO EXIT
-$!
-$! End The File Exist Check.
-$!
-$ ENDIF
-$!
-$! Tell The User We Are Compiling The File.
-$!
-$ IF (MODULE_NAME.EQS."")
-$ THEN
-$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,")"
-$ ENDIF
-$ IF (MODULE_NAME.NES."")
-$ THEN 
-$   WRITE SYS$OUTPUT "        ",FILE_NAME,""
-$ ENDIF
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
-$ IF FILE_NAME - ".mar" .NES. FILE_NAME
-$ THEN
-$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ELSE
-$   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
-$   THEN
-$     write sys$output "        \Using special rule (3)"
-$     if (.not. CC3_SHOWN)
-$     then
-$       CC3_SHOWN = 1
-$       x = "    "+ CC3
-$       write /symbol sys$output x
-$     endif
-$     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$   ELSE
-$     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
-$     THEN
-$       write /symbol sys$output "        \Using special rule (4)"
-$       if (.not. CC4_SHOWN)
-$       then
-$         CC4_SHOWN = 1
-$         x = "    "+ CC4
-$         write /symbol sys$output x
-$       endif
-$       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$     ELSE
-$       IF CC5_DIFFERENT .AND. -
-         (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5)
-$       THEN
-$         write sys$output "        \Using special rule (5)"
-$         if (.not. CC5_SHOWN)
-$         then
-$           CC5_SHOWN = 1
-$           x = "    "+ CC5
-$           write /symbol sys$output x
-$         endif
-$         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$       ELSE
-$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
-$         THEN
-$           write sys$output "        \Using special rule (6)"
-$           if (.not. CC6_SHOWN)
-$           then
-$             CC6_SHOWN = 1
-$             x = "    "+ CC6
-$             write /symbol sys$output x
-$           endif
-$           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ELSE
-$           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ENDIF
-$       ENDIF
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$ IF STATE .EQS. "LIB"
-$ THEN 
-$!
-$!   Add It To The Library.
-$!
-$   LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
-$!
-$!   Time To Clean Up The Object File.
-$!
-$   DELETE 'OBJECT_FILE';*
-$ ENDIF
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! Time To Build Some Applications
-$!
-$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
-$ THEN
-$   APPLICATION_COUNTER = 0
-$ NEXT_APPLICATION:
-$   APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$   IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
-$
-$   APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$   APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$   APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$
-$!   WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!   SHOW SYMBOL APPLICATION*
-$!
-$! Tell the user what happens
-$!
-$   WRITE SYS$OUTPUT "        ",APPLICATION,".exe"
-$!
-$! Link The Program.
-$!
-$   ON ERROR THEN GOTO NEXT_APPLICATION
-$!
-$!  Link With A TCP/IP Library.
-$!
-$   LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
-     /EXE='EXE_DIR''APPLICATION'.EXE -
-     'OBJ_DIR''APPLICATION_OBJECTS', -
-     'CRYPTO_LIB'/LIBRARY -
-     'TCPIP_LIB' -
-     'ZLIB_LIB' -
-     ,'OPT_FILE' /OPTIONS
-$!
-$   GOTO NEXT_APPLICATION
-$  APPLICATION_DONE:
-$ ENDIF
-$!
-$! Go Back And Get The Next Module.
-$!
-$ GOTO MODULE_NEXT
-$!
-$! All Done With This Module.
-$!
-$ MODULE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "All Done..."
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is Blank, So Build Everything.
-$!
-$    BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$!  P2 Is NODEBUG, So Compile Without The Debugger Information.
-$!
-$   DEBUGGER = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   MACRO_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P2.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     MACRO_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$   ELSE 
-$!
-$!    They Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P5.
-$!
-$ IF (P5.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P5 Check.
-$!
-$ ENDIF
-$!
-$! Check P7 (POINTER_SIZE).
-$!
-$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P7 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       POINTER_SIZE = " /POINTER_SIZE=64"
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P7, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"       :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32       :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P7 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ -
-   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.MODES],SYS$DISK:[.ASN1],SYS$DISK:[.EVP]"
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P3 = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P3 = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P3 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     P4 = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       P4 = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P8
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The ZLIB Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$   IF (P3.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES')"+ -
-       CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P3.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-       "/INCLUDE=(''CC_INCLUDES')"+ -
-           CCEXTRAFLAGS
-$     CCDEFS = """VAXC""," + CCDEFS
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P3.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-       "/INCLUDE=(''CC_INCLUDES')"+ -
-           CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$       CC6DISABLEWARNINGS = "MIXLINKAGE"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
-$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$     CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$     CC6DISABLEWARNINGS = ""
-$   ENDIF
-$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
-$   THEN
-$     CC5 = CC + " /OPTIMIZE=NODISJOINT"
-$     CC5_DIFFERENT = 1
-$   ELSE
-$     CC5 = CC
-$     CC5_DIFFERENT = 0
-$   ENDIF
-$   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$! End The Valid Argument Check.
-$!
-$ ENDIF
-$!
-$! Build a MACRO command for the architecture at hand
-$!
-$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
-     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P4.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P4.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P4 = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P4.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P4.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P4.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Check if the user wanted to compile just a subset of all the encryption
-$! methods.
-$!
-$ IF P6 .NES. ""
-$ THEN
-$   ENCRYPT_TYPES = P6
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "CRYPTO]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the logical name OPENSSL if it had a value
-$!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
-$!
-$! Done
-$!
-$ RETURN
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index 6aeda0a9ac..f92fc5182d 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
                                     long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                            int line);
@@ -574,6 +574,13 @@ void OPENSSL_init(void);
 #define fips_cipher_abort(alg) while(0)
 #endif
 
+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
+ * takes an amount of time dependent on |len|, but independent of the contents
+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
+ * defined order as the return value when a != b is undefined, other than to be
+ * non-zero. */
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libcrypto/des/des-lib.com b/src/lib/libcrypto/des/des-lib.com
deleted file mode 100644
index 348f1c0470..0000000000
--- a/src/lib/libcrypto/des/des-lib.com
+++ /dev/null
@@ -1,1005 +0,0 @@
-$!
-$!  DES-LIB.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!
-$!  This command files compiles and creates the 
-$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
-$!  architecture of ALPHA, IA64 or VAX.
-$!
-$!  It was re-written to try to determine which "C" compiler to try to use
-$!  or the user can specify a compiler in P3.
-$!
-$!  Specify one of the following to build just that part, specify "ALL" to
-$!  just build everything.
-$!
-$!         ALL       To Just Build "Everything".
-$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
-$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
-$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
-$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
-$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
-$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
-$!
-$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
-$!  debugging information.
-$!
-$!  Specify which compiler at P3 to try to compile under.
-$!
-$!         VAXC  For VAX C.
-$!         DECC  For DEC C.
-$!         GNUC  For GNU C.
-$!
-$!  If you don't speficy a compiler, it will try to determine which
-$!  "C" compiler to try to use.
-$!
-$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!
-$! Make sure we know what architecture we run on.
-$!
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX
-$!
-$   ARCH := VAX
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$! Define The OBJ Directory Name.
-$!
-$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
-$!
-$! Define The EXE Directory Name.
-$!
-$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
-$!
-$! Check To See What We Are To Do.
-$!
-$ IF (BUILDALL.EQS."TRUE")
-$ THEN
-$!
-$!  Since Nothing Special Was Specified, Do Everything.
-$!
-$   GOSUB LIBRARY
-$   GOSUB DESTEST
-$   GOSUB SPEED
-$   GOSUB RPW
-$   GOSUB DES
-$   GOSUB DES_OPTS
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!    Build Just What The User Wants Us To Build.
-$!
-$     GOSUB 'BUILDALL'
-$!
-$! End The BUILDALL Check.
-$!
-$ ENDIF
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$ LIBRARY:
-$!
-$! Tell The User That We Are Compiling.
-$!
-$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
-$!
-$! End The Library Exist Check.
-$!
-$ ENDIF
-$!
-$! Define The DES Library Files.
-$!
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
-                "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
-                "enc_read,enc_writ,ofb64enc,"+ -
-                "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
-                "des_enc,fcrypt_b,read2pwd,"+ -
-                "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
-$!
-$!  Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
-$!
-$!  Tell The User We Are Compiling The Source File.
-$!
-$ WRITE SYS$OUTPUT "    ",FILE_NAME,".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The File Exists Check.
-$!
-$ ENDIF
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$!
-$! Add It To The Library.
-$!
-$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
-$!
-$! Time To Clean Up The Object File.
-$!
-$ DELETE 'OBJECT_FILE';*
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DESTEST Program.
-$!
-$ DESTEST:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DESTEST.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
-$!
-$! Compile The DESTEST Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
-$!
-$! Link The DESTEST Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
-      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The SPEED Program.
-$!
-$ SPEED:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The SPEED.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
-$!
-$! Compile The SPEED Program.
-$!
-$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
-$!
-$! Link The SPEED Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
-      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The RPW Program.
-$!
-$ RPW:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The RPW.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
-$!
-$! Compile The RPW Program.
-$!
-$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
-$!
-$! Link The RPW Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
-      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DES Program.
-$!
-$ DES:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DES.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
-$!
-$! Compile The DES Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
-$!
-$! Link The DES Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
-      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
-      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DES_OPTS Program.
-$!
-$ DES_OPTS:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DES_OPTS.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
-$!
-$! Compile The DES_OPTS Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
-$!
-$! Link The DES_OPTS Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
-      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need An non-VAX Or A VAX Linker Option File.
-$!
-$     IF (F$GETSYI("CPU").LT.128)
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Agianst 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Library Check.
-$!
-$ LIB_CHECK:
-$!
-$!  Look For The Library LIBDES.OLB.
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!    Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If We Are To "Just Build Everything".
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is "ALL", So Build Everything.
-$!
-$    BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
-       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
-$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
-$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
-$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
-$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
-$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Compile Without Debugger Information.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$!   P2 Is Blank, So Compile Without Debugger Information.
-$!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P2.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER  = "DEBUG"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option..
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later.
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN := ""
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P3 = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P3 = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P3 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = ""
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = ""
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
-$!
-$!  Check To See If The User Entered A Valid Paramter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$   IF (P3.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P3.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$     CCDEFS = """VAXC""," + CCDEFS
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P3.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$   ENDIF
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$! End The P3 Check.
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
index 23c8cfc901..1eaedcbd24 100644
--- a/src/lib/libcrypto/des/des.h
+++ b/src/lib/libcrypto/des/des.h
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
+#define HEADER_NEW_DES_H
 
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES,
                                    DES_LONG (via openssl/opensslconf.h */
@@ -71,8 +71,6 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-#define des_SPtrans DES_SPtrans
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h
index 8665ba4e7e..2b2c372354 100644
--- a/src/lib/libcrypto/des/des_old.h
+++ b/src/lib/libcrypto/des/des_old.h
@@ -88,8 +88,8 @@
  *
  */
 
-#ifndef HEADER_DES_OLD_H
-#define HEADER_DES_OLD_H
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
 
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
 
@@ -97,7 +97,7 @@
 #error DES is disabled.
 #endif
 
-#ifndef HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
 #error You must include des.h, not des_old.h directly.
 #endif
 
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
index d3e69ca8b5..da4d62e112 100644
--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -63,9 +63,8 @@
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
-#include "des_locl.h"
-
 #include <openssl/crypto.h>
+#include "des_locl.h"
 
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)   /* defaults to false */
 
diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c
index 9c2054bda6..1077f99d1b 100644
--- a/src/lib/libcrypto/des/str2key.c
+++ b/src/lib/libcrypto/des/str2key.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
 #include <openssl/crypto.h>
+#include "des_locl.h"
 
 void DES_string_to_key(const char *str, DES_cblock *key)
         {
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod
index 34443045fc..828ecf529b 100644
--- a/src/lib/libcrypto/doc/ERR_get_error.pod
+++ b/src/lib/libcrypto/doc/ERR_get_error.pod
@@ -52,8 +52,11 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and
 ERR_get_last_error_line_data() store additional data and flags
 associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true. 
+
+An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+returned by these functions) with OPENSSL_free() as freeing is handled
+automatically by the error library.
 
 =head1 RETURN VALUES
 
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
index d375c46e03..0ea7d55c0f 100644
--- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -17,7 +17,7 @@ EVP_BytesToKey - password based encryption routine
 
 EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
 the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> paramter is used as a salt in the derivation: it should point to
+The B<salt> parameter is used as a salt in the derivation: it should point to
 an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
 B<datal> bytes which is used to derive the keying data. B<count> is the
 iteration count to use. The derived key and IV will be written to B<key>
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 1aa15acb61..367691cc7a 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -252,9 +252,9 @@ digest name passed on the command line.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
-L<SHA1(3)|SHA1(3)>
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
index 8271d3dfc4..1c4bf184a1 100644
--- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod
+++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod
@@ -152,7 +152,7 @@ does not remain in memory.
 
 EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
 similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
 initialized and they always use the default cipher implementation.
 
 EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index 781d43e401..620a623ab6 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -89,10 +89,10 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 =head1 SEE ALSO
 
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
index ae2e5d81f9..da07d2b930 100644
--- a/src/lib/libcrypto/doc/dsa.pod
+++ b/src/lib/libcrypto/doc/dsa.pod
@@ -101,7 +101,8 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
+L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index e21b9f6dbc..5f351b318d 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -86,7 +86,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
      (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
         defined(__ANDROID__)
 #  undef HAVE_DLINFO
 # endif
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 9d01325af3..dfe8710d33 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
@@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
@@ -800,16 +800,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
 /* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *, 
+void *EC_KEY_get_key_method_data(EC_KEY *key, 
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+/** Sets the key method data of an EC_KEY object, if none has yet been set.
+ *  \param  key              EC_KEY object
+ *  \param  data             opaque data to install.
+ *  \param  dup_func         a function that duplicates |data|.
+ *  \param  free_func        a function that frees |data|.
+ *  \param  clear_free_func  a function that wipes and frees |data|.
+ *  \return the previously set data pointer, or NULL if |data| was inserted.
+ */
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 25247b5803..de9a0cc2b3 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
         if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
             EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
                 return 1;
-        /* compare the curve name (if present) */
+        /* compare the curve name (if present in both) */
         if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-            EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
-                return 0;
+            EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+                return 1;
 
         if (!ctx)
                 ctx_new = ctx = BN_CTX_new();
@@ -993,12 +993,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
         if (group->meth->point_cmp == 0)
                 {
                 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
+                return -1;
                 }
         if ((group->meth != a->meth) || (a->meth != b->meth))
                 {
                 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
+                return -1;
                 }
         return group->meth->point_cmp(group, a, b, ctx);
         }
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index 079e47431b..f04f132c7a 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -114,7 +114,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                 ec_GFp_mont_field_decode,
                 ec_GFp_mont_field_set_to_one };
 
-
         return &ret;
 #endif
         }
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
index f107782de0..102eaa9b23 100644
--- a/src/lib/libcrypto/ec/ectest.c
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -236,7 +236,7 @@ static void group_order_tests(EC_GROUP *group)
         }
 
 static void prime_field_tests(void)
-        {       
+        {
         BN_CTX *ctx = NULL;
         BIGNUM *p, *a, *b;
         EC_GROUP *group;
diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
index 65d8904ee8..ba05fea05c 100644
--- a/src/lib/libcrypto/ecdh/Makefile
+++ b/src/lib/libcrypto/ecdh/Makefile
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 0ae5d672b1..6093376df4 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -73,7 +73,6 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
         ENGINE_load_cryptodev();
 #endif
-
 #ifndef OPENSSL_NO_RSAX
         ENGINE_load_rsax();
 #endif
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index 27846edb1e..95c858960b 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
                                         load_dir, 0) ||
+                                !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
                                 goto notfound;
                 return iterator;
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index bd8946d8ba..8eb547d98d 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -64,7 +64,9 @@
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -95,6 +97,9 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -102,11 +107,6 @@
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
-#include <openssl/comp.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 void ERR_load_crypto_strings(void)
         {
@@ -130,7 +130,9 @@ void ERR_load_crypto_strings(void)
         ERR_load_ASN1_strings();
         ERR_load_CONF_strings();
         ERR_load_CRYPTO_strings();
+#ifndef OPENSSL_NO_COMP
         ERR_load_COMP_strings();
+#endif
 #ifndef OPENSSL_NO_EC
         ERR_load_EC_strings();
 #endif
@@ -153,15 +155,14 @@ void ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
+#ifdef OPENSSL_FIPS
+        ERR_load_FIPS_strings();
+#endif
 #ifndef OPENSSL_NO_CMS
         ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_JPAKE
         ERR_load_JPAKE_strings();
 #endif
-        ERR_load_COMP_strings();
-#endif
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
 #endif
         }
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
index 0fe1b96bff..0447b442bc 100644
--- a/src/lib/libcrypto/evp/Makefile
+++ b/src/lib/libcrypto/evp/Makefile
@@ -67,7 +67,7 @@ files:
 links:
         @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
         @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        cp $(TESTDATA) ../../test
+        @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
         @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
@@ -356,6 +356,20 @@ evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -437,28 +451,22 @@ evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
 m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss.o: ../cryptlib.h m_dss.c
 m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss1.o: ../cryptlib.h m_dss1.c
 m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -563,16 +571,13 @@ m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
 m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha1.o: ../cryptlib.h m_sha1.c
 m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
 m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index 72a2a67277..ac6d441aad 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
                                 }
 
                         /* we fell off the end without starting */
-                        if (j == i)
+                        if ((j == i) && (num == 0))
                                 {
                                 /* Is this is one long chunk?, if so, keep on
                                  * reading until a new line. */
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 467e6b5ae9..d14e8e48d5 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -267,6 +267,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         return FIPS_digestfinal(ctx, md, size);
 #else
         int ret;
+
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
         ret=ctx->digest->final(ctx,md);
         if (size != NULL)
@@ -365,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
         {
-        EVP_MD_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
+        if (ctx)
+                {
+                EVP_MD_CTX_cleanup(ctx);
+                OPENSSL_free(ctx);
+                }
         }
 
 /* This call frees resources associated with the context */
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index 1e4af0cb75..c7869b69ef 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         gctx->ctr = NULL;
                         break;
                         }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -969,8 +972,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
         if (!gctx->iv_set)
                 return -1;
-        if (!ctx->encrypt && gctx->taglen < 0)
-                return -1;
         if (in)
                 {
                 if (out == NULL)
@@ -1012,6 +1013,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 {
                 if (!ctx->encrypt)
                         {
+                        if (gctx->taglen < 0)
+                                return -1;
                         if (CRYPTO_gcm128_finish(&gctx->gcm,
                                         ctx->buf, gctx->taglen) != 0)
                                 return -1;
@@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         xctx->xts.block1 = (block128_f)vpaes_decrypt;
                         }
 
-                vpaes_set_encrypt_key(key + ctx->key_len/2,
+                    vpaes_set_encrypt_key(key + ctx->key_len/2,
                                                 ctx->key_len * 4, &xctx->ks2);
-                xctx->xts.block2 = (block128_f)vpaes_encrypt;
+                    xctx->xts.block2 = (block128_f)vpaes_encrypt;
 
-                xctx->xts.key1 = &xctx->ks1;
-                break;
-                }
+                    xctx->xts.key1 = &xctx->ks1;
+                    break;
+                    }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 if (enc)
                         {
                         AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
@@ -1217,6 +1223,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
                         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                         &cctx->ks, (block128_f)vpaes_encrypt);
+                        cctx->str = NULL;
                         cctx->key_set = 1;
                         break;
                         }
diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
index 483e04b605..fb2c884a78 100644
--- a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
                                 if (res!=SHA_CBLOCK) continue;
 
-                                mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+                                /* j is not incremented yet */
+                                mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
                                 data->u[SHA_LBLOCK-1] |= bitlen&mask;
                                 sha1_block_data_order(&key->md,data,1);
-                                mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+                                mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
                                 pmac->u[0] |= key->md.h0 & mask;
                                 pmac->u[1] |= key->md.h1 & mask;
                                 pmac->u[2] |= key->md.h2 & mask;
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index 1e69972662..8d7b7de292 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         printf("\n");
         }
 #endif    /* KSSL_DEBUG */
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index 3b1fa87576..faeb3c24e6 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -788,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
@@ -799,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -809,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_xts(void);
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
@@ -1242,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
         int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                         const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1256,6 +1258,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_AES_INIT_KEY                               133
 #define EVP_F_AES_XTS                                    172
 #define EVP_F_AES_XTS_CIPHER                             175
+#define EVP_F_ALG_MODULE_INIT                            177
 #define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_CMAC_INIT                                  173
 #define EVP_F_D2I_PKEY                                   100
@@ -1349,15 +1352,19 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_PARAMETERS                       153
 #define EVP_R_DISABLED_FOR_FIPS                          163
 #define EVP_R_ENCODE_ERROR                               115
+#define EVP_R_ERROR_LOADING_SECTION                      165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                    166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
 #define EVP_R_INVALID_DIGEST                             152
+#define EVP_R_INVALID_FIPS_MODE                          168
 #define EVP_R_INVALID_KEY_LENGTH                         130
 #define EVP_R_INVALID_OPERATION                          148
 #define EVP_R_IV_TOO_LARGE                               102
@@ -1382,6 +1389,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_TOO_LARGE                                  164
 #define EVP_R_UNKNOWN_CIPHER                             160
 #define EVP_R_UNKNOWN_DIGEST                             161
+#define EVP_R_UNKNOWN_OPTION                             169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
 #define EVP_R_UNSUPPORTED_ALGORITHM                      156
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index db0f76d59b..08eab9882f 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -75,6 +75,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_XTS),       "AES_XTS"},
 {ERR_FUNC(EVP_F_AES_XTS_CIPHER),        "AES_XTS_CIPHER"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT),       "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_CMAC_INIT),     "CMAC_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
@@ -171,15 +172,19 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
@@ -204,6 +209,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index 4ad63ada6f..6fb7e9a861 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index f80170efeb..2df362a670 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -63,7 +63,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 3cb11f1ebb..bd0c01ad3c 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -65,7 +65,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index 975d004df4..fe3c6c8813 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
         int cplen, j, k, tkeylen, mdlen;
         unsigned long i = 1;
-        HMAC_CTX hctx;
+        HMAC_CTX hctx_tpl, hctx;
 
         mdlen = EVP_MD_size(digest);
         if (mdlen < 0)
                 return 0;
 
-        HMAC_CTX_init(&hctx);
+        HMAC_CTX_init(&hctx_tpl);
         p = out;
         tkeylen = keylen;
         if(!pass)
                 passlen = 0;
         else if(passlen == -1)
                 passlen = strlen(pass);
+        if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
+                {
+                HMAC_CTX_cleanup(&hctx_tpl);
+                return 0;
+                }
         while(tkeylen)
                 {
                 if(tkeylen > mdlen)
@@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 itmp[1] = (unsigned char)((i >> 16) & 0xff);
                 itmp[2] = (unsigned char)((i >> 8) & 0xff);
                 itmp[3] = (unsigned char)(i & 0xff);
-                if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
-                        || !HMAC_Update(&hctx, salt, saltlen)
-                        || !HMAC_Update(&hctx, itmp, 4)
-                        || !HMAC_Final(&hctx, digtmp, NULL))
+                if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
                         {
+                        HMAC_CTX_cleanup(&hctx_tpl);
+                        return 0;
+                        }
+                if (!HMAC_Update(&hctx, salt, saltlen)
+                    || !HMAC_Update(&hctx, itmp, 4)
+                    || !HMAC_Final(&hctx, digtmp, NULL))
+                        {
+                        HMAC_CTX_cleanup(&hctx_tpl);
                         HMAC_CTX_cleanup(&hctx);
                         return 0;
                         }
+                HMAC_CTX_cleanup(&hctx);
                 memcpy(p, digtmp, cplen);
                 for(j = 1; j < iter; j++)
                         {
-                        HMAC(digest, pass, passlen,
-                                 digtmp, mdlen, digtmp, NULL);
+                        if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                return 0;
+                                }
+                        if (!HMAC_Update(&hctx, digtmp, mdlen)
+                            || !HMAC_Final(&hctx, digtmp, NULL))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                HMAC_CTX_cleanup(&hctx);
+                                return 0;
+                                }
+                        HMAC_CTX_cleanup(&hctx);
                         for(k = 0; k < cplen; k++)
                                 p[k] ^= digtmp[k];
                         }
@@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 i++;
                 p+= cplen;
                 }
-        HMAC_CTX_cleanup(&hctx);
+        HMAC_CTX_cleanup(&hctx_tpl);
 #ifdef DEBUG_PKCS5V2
         fprintf(stderr, "Password:\n");
         h__dump (pass, passlen);
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c
index dfa48c157c..8afb664306 100644
--- a/src/lib/libcrypto/evp/p_sign.c
+++ b/src/lib/libcrypto/evp/p_sign.c
@@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=0,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 5f5c409f45..c66d63ccf8 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=-1,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libcrypto/install-crypto.com b/src/lib/libcrypto/install-crypto.com
deleted file mode 100755
index 85b3d583cf..0000000000
--- a/src/lib/libcrypto/install-crypto.com
+++ /dev/null
@@ -1,196 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1  root of the directory tree
-$! P2  "64" for 64-bit pointers.
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if (p1 .eqs. "")
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "It should be the directory where you want things installed."
-$     exit
-$ endif
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$ lib32 = "32"
-$ shr = "_SHR32"
-$!
-$ if (p2 .nes. "")
-$ then
-$   if (p2 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$     lib32 = ""
-$     shr = "_SHR"
-$   else
-$     if (p2 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
-$ root_dev = f$parse( root, , , "device", "syntax_only")
-$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$!
-$ define /nolog wrk_sslroot 'root'.] /trans=conc
-$ define /nolog wrk_sslinclude wrk_sslroot:[include]
-$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
-$!
-$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse("wrk_sslinclude:") .eqs. "" then -
-   create /directory /log wrk_sslinclude:
-$ if f$parse("wrk_sslxlib:") .eqs. "" then -
-   create /directory /log wrk_sslxlib:
-$!
-$ sdirs := , -
-   'archd', -
-   objects, -
-   md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
-   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
-   bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
-   buffer, bio, stack, lhash, rand, err, -
-   evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
-   ui, krb5, -
-   store, cms, pqueue, ts, jpake
-$!
-$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
-$ exheader_'archd' := opensslconf.h
-$ exheader_objects := objects.h, obj_mac.h
-$ exheader_md2 := md2.h
-$ exheader_md4 := md4.h
-$ exheader_md5 := md5.h
-$ exheader_sha := sha.h
-$ exheader_mdc2 := mdc2.h
-$ exheader_hmac := hmac.h
-$ exheader_ripemd := ripemd.h
-$ exheader_whrlpool := whrlpool.h
-$ exheader_des := des.h, des_old.h
-$ exheader_aes := aes.h
-$ exheader_rc2 := rc2.h
-$ exheader_rc4 := rc4.h
-$ exheader_rc5 := rc5.h
-$ exheader_idea := idea.h
-$ exheader_bf := blowfish.h
-$ exheader_cast := cast.h
-$ exheader_camellia := camellia.h
-$ exheader_seed := seed.h
-$ exheader_modes := modes.h
-$ exheader_bn := bn.h
-$ exheader_ec := ec.h
-$ exheader_rsa := rsa.h
-$ exheader_dsa := dsa.h
-$ exheader_ecdsa := ecdsa.h
-$ exheader_dh := dh.h
-$ exheader_ecdh := ecdh.h
-$ exheader_dso := dso.h
-$ exheader_engine := engine.h
-$ exheader_buffer := buffer.h
-$ exheader_bio := bio.h
-$ exheader_stack := stack.h, safestack.h
-$ exheader_lhash := lhash.h
-$ exheader_rand := rand.h
-$ exheader_err := err.h
-$ exheader_evp := evp.h
-$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h
-$ exheader_pem := pem.h, pem2.h
-$ exheader_x509 := x509.h, x509_vfy.h
-$ exheader_x509v3 := x509v3.h
-$ exheader_conf := conf.h, conf_api.h
-$ exheader_txt_db := txt_db.h
-$ exheader_pkcs7 := pkcs7.h
-$ exheader_pkcs12 := pkcs12.h
-$ exheader_comp := comp.h
-$ exheader_ocsp := ocsp.h
-$ exheader_ui := ui.h, ui_compat.h
-$ exheader_krb5 := krb5_asn.h
-$! exheader_store := store.h, str_compat.h
-$ exheader_store := store.h
-$ exheader_cms := cms.h
-$ exheader_pqueue := pqueue.h
-$ exheader_ts := ts.h
-$ exheader_jpake := jpake.h
-$ libs := ssl_libcrypto
-$!
-$ exe_dir := [-.'archd'.exe.crypto]
-$!
-$! Header files.
-$!
-$ i = 0
-$ loop_sdirs: 
-$   d = f$edit( f$element( i, ",", sdirs), "trim")
-$   i = i + 1
-$   if d .eqs. "," then goto loop_sdirs_end
-$   tmp = exheader_'d'
-$   if (d .nes. "") then d = "."+ d
-$   copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log
-$ goto loop_sdirs
-$ loop_sdirs_end:
-$!
-$! Object libraries, shareable images.
-$!
-$ i = 0
-$ loop_lib: 
-$   e = f$edit( f$element( i, ",", libs), "trim")
-$   i = i + 1
-$   if e .eqs. "," then goto loop_lib_end
-$   set noon
-$   file = exe_dir+ e+ lib32+ ".olb"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$!
-$   file = exe_dir+ e+ shr+ ".exe"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$   set on
-$ goto loop_lib
-$ loop_lib_end:
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslinclude
-$ call deass wrk_sslxlib
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libcrypto/install.com b/src/lib/libcrypto/install.com
deleted file mode 100644
index ad3e4d48c7..0000000000
--- a/src/lib/libcrypto/install.com
+++ /dev/null
@@ -1,155 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1   root of the directory tree
-$!
-$       IF P1 .EQS. ""
-$       THEN
-$           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT -
-                  "It should be the directory where you want things installed."
-$           EXIT
-$       ENDIF
-$
-$       IF (F$GETSYI("CPU").LT.128)
-$       THEN
-$           ARCH := VAX
-$       ELSE
-$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$       ENDIF
-$
-$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLLIB:
-$       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLINCLUDE:
-$
-$       SDIRS := ,-
-                 _'ARCH',-
-                 OBJECTS,-
-                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-                 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
-                 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
-                 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
-                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
-                 UI,KRB5,-
-                 STORE,CMS,PQUEUE,TS,JPAKE
-$       EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-$       EXHEADER__'ARCH' := opensslconf.h
-$       EXHEADER_OBJECTS := objects.h,obj_mac.h
-$       EXHEADER_MD2 := md2.h
-$       EXHEADER_MD4 := md4.h
-$       EXHEADER_MD5 := md5.h
-$       EXHEADER_SHA := sha.h
-$       EXHEADER_MDC2 := mdc2.h
-$       EXHEADER_HMAC := hmac.h
-$       EXHEADER_RIPEMD := ripemd.h
-$       EXHEADER_WHRLPOOL := whrlpool.h
-$       EXHEADER_DES := des.h,des_old.h
-$       EXHEADER_AES := aes.h
-$       EXHEADER_RC2 := rc2.h
-$       EXHEADER_RC4 := rc4.h
-$       EXHEADER_RC5 := rc5.h
-$       EXHEADER_IDEA := idea.h
-$       EXHEADER_BF := blowfish.h
-$       EXHEADER_CAST := cast.h
-$       EXHEADER_CAMELLIA := camellia.h
-$       EXHEADER_SEED := seed.h
-$       EXHEADER_MODES := modes.h
-$       EXHEADER_BN := bn.h
-$       EXHEADER_EC := ec.h
-$       EXHEADER_RSA := rsa.h
-$       EXHEADER_DSA := dsa.h
-$       EXHEADER_ECDSA := ecdsa.h
-$       EXHEADER_DH := dh.h
-$       EXHEADER_ECDH := ecdh.h
-$       EXHEADER_DSO := dso.h
-$       EXHEADER_ENGINE := engine.h
-$       EXHEADER_BUFFER := buffer.h
-$       EXHEADER_BIO := bio.h
-$       EXHEADER_STACK := stack.h,safestack.h
-$       EXHEADER_LHASH := lhash.h
-$       EXHEADER_RAND := rand.h
-$       EXHEADER_ERR := err.h
-$       EXHEADER_EVP := evp.h
-$       EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
-$       EXHEADER_PEM := pem.h,pem2.h
-$       EXHEADER_X509 := x509.h,x509_vfy.h
-$       EXHEADER_X509V3 := x509v3.h
-$       EXHEADER_CONF := conf.h,conf_api.h
-$       EXHEADER_TXT_DB := txt_db.h
-$       EXHEADER_PKCS7 := pkcs7.h
-$       EXHEADER_PKCS12 := pkcs12.h
-$       EXHEADER_COMP := comp.h
-$       EXHEADER_OCSP := ocsp.h
-$       EXHEADER_UI := ui.h,ui_compat.h
-$       EXHEADER_KRB5 := krb5_asn.h
-$!      EXHEADER_STORE := store.h,str_compat.h
-$       EXHEADER_STORE := store.h
-$       EXHEADER_CMS := cms.h
-$       EXHEADER_PQUEUE := pqueue.h
-$       EXHEADER_TS := ts.h
-$       EXHEADER_JPAKE := jpake.h
-$       LIBS := LIBCRYPTO
-$
-$       EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
-$
-$       I = 0
-$ LOOP_SDIRS: 
-$       D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
-$       I = I + 1
-$       IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$       tmp = EXHEADER_'D'
-$       IF D .EQS. ""
-$       THEN
-$         COPY 'tmp' WRK_SSLINCLUDE: /LOG
-$       ELSE
-$         IF D .EQS. "_''ARCH'"
-$         THEN
-$           COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
-$         ELSE
-$           COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$         ENDIF
-$       ENDIF
-$       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
-$       GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
-$
-$       I = 0
-$ LOOP_LIB: 
-$       E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$       I = I + 1
-$       IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$       SET NOON
-$       IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
-$       THEN
-$         COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
-$       ENDIF
-$       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
-$       ENDIF
-$       SET ON
-$       GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$       EXIT
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c
index 82c2cb2d98..b5b165b052 100644
--- a/src/lib/libcrypto/md4/md4_dgst.c
+++ b/src/lib/libcrypto/md4/md4_dgst.c
@@ -106,22 +106,23 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
 
         for (;num--;)
                 {
-        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        (void)HOST_c2l(data,l); X( 0)=l;
+        (void)HOST_c2l(data,l); X( 1)=l;
         /* Round 0 */
-        R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
-        R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
-        R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
-        R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
-        R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
-        R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
-        R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
-        R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
-        R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
-        R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
-        R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
-        R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
-        R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
-        R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
+        R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l;
+        R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l;
+        R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l;
+        R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l;
+        R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l;
+        R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l;
+        R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l;
+        R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l;
+        R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l;
+        R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l;
+        R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l;
+        R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l;
+        R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l;
+        R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l;
         R0(C,D,A,B,X(14),11,0);
         R0(B,C,D,A,X(15),19,0);
         /* Round 1 */
diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h
index c8085b0ead..99c3e5004c 100644
--- a/src/lib/libcrypto/md4/md4_locl.h
+++ b/src/lib/libcrypto/md4/md4_locl.h
@@ -77,10 +77,10 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD4_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md4_block_data_order
 
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h
index 968d577995..74d63d1f9c 100644
--- a/src/lib/libcrypto/md5/md5_locl.h
+++ b/src/lib/libcrypto/md5/md5_locl.h
@@ -86,10 +86,10 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD5_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 
diff --git a/src/lib/libcrypto/mdc2/mdc2dgst.c b/src/lib/libcrypto/mdc2/mdc2dgst.c
index b74bb1a759..d66ed6a1c6 100644
--- a/src/lib/libcrypto/mdc2/mdc2dgst.c
+++ b/src/lib/libcrypto/mdc2/mdc2dgst.c
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/des.h>
 #include <openssl/mdc2.h>
-#include <openssl/crypto.h>
 
 #undef c2l
 #define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
index 24ccf729ca..55e829dc92 100644
--- a/src/lib/libcrypto/mem.c
+++ b/src/lib/libcrypto/mem.c
@@ -121,10 +121,10 @@ static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
 #endif
 
-
 int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
         void (*f)(void *))
         {
+        /* Dummy call just to ensure OPENSSL_init() gets linked in */
         OPENSSL_init();
         if (!allow_customize)
                 return 0;
diff --git a/src/lib/libcrypto/modes/Makefile b/src/lib/libcrypto/modes/Makefile
index 3d8bafd571..c825b12f25 100644
--- a/src/lib/libcrypto/modes/Makefile
+++ b/src/lib/libcrypto/modes/Makefile
@@ -53,10 +53,7 @@ ghash-x86_64.s:	asm/ghash-x86_64.pl
 ghash-sparcv9.s:        asm/ghash-sparcv9.pl
         $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
 ghash-alpha.s:  asm/ghash-alpha.pl
-        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
-        $(PERL) asm/ghash-alpha.pl > $$preproc && \
-        $(CC) -E $$preproc > $@ && rm $$preproc)
-
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 ghash-parisc.s: asm/ghash-parisc.pl
         $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
 
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index 84380a96a9..4a548c2ed4 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -73,7 +73,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                 name_funcs_stack=sk_NAME_FUNCS_new_null();
                 MemCheck_on();
                 }
-        if ((name_funcs_stack == NULL))
+        if (name_funcs_stack == NULL)
                 {
                 /* ERROR */
                 return(0);
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 91a45c9133..276718304d 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -111,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                         init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
                 if(!init_res)
                         {
+                        ret = -1;
                         OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
                         goto end;
                         }
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index 71be3590af..ebe7180723 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER  0x1000103fL
+#define OPENSSL_VERSION_NUMBER  0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c-fips 10 May 2012"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c 10 May 2012"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 3e7a6093ad..eac0460e3e 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -193,7 +193,61 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_RSA(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+
+                EVP_PKEY_set1_RSA(k, x);
+
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -223,7 +277,59 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
         return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -269,8 +375,63 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
 
+
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
+#endif
+
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 1b2be527ed..cc7f24a9c1 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -167,6 +167,7 @@ start:
 #ifndef OPENSSL_NO_RSA
                         if (strcmp(name,PEM_STRING_RSA) == 0)
                         {
+                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
                                 if (!sk_X509_INFO_push(ret,xi)) goto err;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index cfc89a9921..5a421fc4b6 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                         goto err;
                 /* The 'iv' is used as the iv and as a salt.  It is
                  * NOT taken from the BytesToKey function */
-                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+                if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+                        goto err;
 
                 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
@@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                 /* k=strlen(buf); */
 
                 EVP_CIPHER_CTX_init(&ctx);
-                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
-                EVP_EncryptUpdate(&ctx,data,&j,data,i);
-                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+                ret = 1;
+                if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
+                        || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+                        || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+                        ret = 0;
                 EVP_CIPHER_CTX_cleanup(&ctx);
+                if (ret == 0)
+                        goto err;
                 i+=j;
-                ret=1;
                 }
         else
                 {
@@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         ebcdic2ascii(buf, buf, klen);
 #endif
 
-        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-                (unsigned char *)buf,klen,1,key,NULL);
+        if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+                (unsigned char *)buf,klen,1,key,NULL))
+                return 0;
 
         j=(int)len;
         EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-        EVP_DecryptUpdate(&ctx,data,&i,data,j);
-        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+        o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+        if (o)
+                o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        if (o)
+                o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
         OPENSSL_cleanse((char *)buf,sizeof(buf));
         OPENSSL_cleanse((char *)key,sizeof(key));
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 59690b56ae..b6b4e13498 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
         EVP_EncodeInit(&ctx->encode);
 
         EVP_MD_CTX_init(&ctx->md);
-        EVP_SignInit(&ctx->md,md_type);
+        if (!EVP_SignInit(&ctx->md,md_type))
+                goto err;
 
         EVP_CIPHER_CTX_init(&ctx->cipher);
         ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
@@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                 goto err;
                 }
 
-        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+        if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
+                goto err;
         EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
         *outl=j;
         out+=j;
diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl
index 6fc2510905..24561e759a 100644
--- a/src/lib/libcrypto/perlasm/cbc.pl
+++ b/src/lib/libcrypto/perlasm/cbc.pl
@@ -150,7 +150,7 @@ sub cbc
 &set_label("PIC_point");
         &blindpop("edx");
         &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
-        &mov($count,&DWP(0,"ecx",$count,4))
+        &mov($count,&DWP(0,"ecx",$count,4));
         &add($count,"edx");
         &xor("ecx","ecx");
         &xor("edx","edx");
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index 96b131defa..a34915d02d 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -90,7 +90,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         /* Set defaults */
         if (!nid_cert)
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+                else
+#endif
                 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+                }
         if (!nid_key)
                 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
         if (!iter)
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index c55c7b60b3..61d58502fd 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -176,24 +176,32 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                 out += u;
                 for (j = 0; j < v; j++) B[j] = Ai[j % u];
                 /* Work out B + 1 first then can use B as tmp space */
-                if (!BN_bin2bn (B, v, Bpl1)) goto err;
-                if (!BN_add_word (Bpl1, 1)) goto err;
+                if (!BN_bin2bn (B, v, Bpl1))
+                        goto err;
+                if (!BN_add_word (Bpl1, 1))
+                        goto err;
                 for (j = 0; j < Ilen ; j+=v) {
-                        if (!BN_bin2bn (I + j, v, Ij)) goto err;
-                        if (!BN_add (Ij, Ij, Bpl1)) goto err;
-                        BN_bn2bin (Ij, B);
+                        if (!BN_bin2bn(I + j, v, Ij))
+                                goto err;
+                        if (!BN_add(Ij, Ij, Bpl1))
+                                goto err;
+                        if (!BN_bn2bin(Ij, B))
+                                goto err;
                         Ijlen = BN_num_bytes (Ij);
                         /* If more than 2^(v*8) - 1 cut off MSB */
                         if (Ijlen > v) {
-                                BN_bn2bin (Ij, B);
+                                if (!BN_bn2bin (Ij, B))
+                                        goto err;
                                 memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
                         /* If less than v bytes pad with zeroes */
                         } else if (Ijlen < v) {
                                 memset(I + j, 0, v - Ijlen);
-                                BN_bn2bin(Ij, I + j + v - Ijlen); 
+                                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
+                                        goto err;
 #endif
-                        } else BN_bn2bin (Ij, I + j);
+                        } else if (!BN_bn2bin (Ij, I + j))
+                                goto err;
                 }
         }
 
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
index fcdd3f2a84..aee1c30b0a 100644
--- a/src/lib/libcrypto/rand/md_rand.c
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -123,10 +123,10 @@
 
 #include "e_os.h"
 
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#include <openssl/crypto.h>
 #include <openssl/err.h>
 
 #ifdef BN_DEBUG
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
         EVP_MD_CTX m;
         int do_not_lock;
 
+        if (!num)
+                return;
+
         /*
          * (Based on the rand(3) manpage)
          *
@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
          * are fed into the hash function and the results are kept in the
          * global 'md'.
          */
-
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        /* NB: in FIPS mode we are already under a lock */
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
         /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
         CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
         /* before unlocking, we must clear 'crypto_lock_rand' */
         crypto_lock_rand = 0;
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         while (num > 0)
                 {
@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
         MD_Init(&m);
         MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
         MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
         MD_Update(&m,md,MD_DIGEST_LENGTH);
         MD_Final(&m,md);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         EVP_MD_CTX_cleanup(&m);
         if (ok)
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index dc8fcf94c5..bb5520e80a 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 
 /* Reason codes. */
+#define RAND_R_DUAL_EC_DRBG_DISABLED                     104
 #define RAND_R_ERROR_INITIALISING_DRBG                   102
 #define RAND_R_ERROR_INSTANTIATING_DRBG                  103
 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index b8586c8f4a..c4c80fc8cc 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 
 static ERR_STRING_DATA RAND_str_reasons[]=
         {
+{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
 {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index daf1dab973..5ac0e14caf 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
         {
-        OPENSSL_cleanse(out, olen);
-        OPENSSL_free(out);
+        if (out)
+                {
+                OPENSSL_cleanse(out, olen);
+                OPENSSL_free(out);
+                }
         }
 
 /* Set "additional input" when generating random data. This uses the
@@ -266,6 +269,14 @@ int RAND_init_fips(void)
         DRBG_CTX *dctx;
         size_t plen;
         unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+        if (fips_drbg_type >> 16)
+                {
+                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+                return 0;
+                }
+#endif
+                
         dctx = FIPS_get_default_drbg();
         if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
                 {
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
index 5d134e186b..34ffcd23f9 100644
--- a/src/lib/libcrypto/rand/rand_win.c
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -750,7 +750,7 @@ static void readscreen(void)
   int           y;              /* y-coordinate of screen lines to grab */
   int           n = 16;         /* number of screen lines to grab at a time */
 
-  if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
+  if (check_winnt() && OPENSSL_isservice()>0)
     return;
 
   /* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 030e07f418..7f1428072d 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -57,7 +57,9 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#if !defined(OPENSSL_SYS_VXWORKS)
 #define _XOPEN_SOURCE 500
+#endif
 
 #include <errno.h>
 #include <stdio.h>
diff --git a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
index d6eac205e9..75750dbf33 100755
--- a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl
@@ -112,7 +112,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $dat="%rdi";        # arg1
 $len="%rsi";        # arg2
diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
index 633a79e758..4312605ccb 100644
--- a/src/lib/libcrypto/rc4/rc4test.c
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -120,6 +120,12 @@ int main(int argc, char *argv[])
         RC4_KEY key;
         unsigned char obuf[512];
 
+#if !defined(OPENSSL_PIC)
+        void OPENSSL_cpuid_setup(void);
+
+        OPENSSL_cpuid_setup();
+#endif
+
         for (i=0; i<6; i++)
                 {
                 RC4_set_key(&key,keys[i][0],&(keys[i][1]));
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c
index 9ff1a0705e..d8e72da51b 100644
--- a/src/lib/libcrypto/ripemd/rmd_dgst.c
+++ b/src/lib/libcrypto/ripemd/rmd_dgst.c
@@ -88,7 +88,7 @@ fips_md_init(RIPEMD160)
 void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
         {
         const unsigned char *data=p;
-        register volatile unsigned MD32_REG_T A,B,C,D,E;
+        register unsigned MD32_REG_T A,B,C,D,E;
         unsigned MD32_REG_T a,b,c,d,e,l;
 #ifndef MD32_XARRAY
         /* See comment in crypto/sha/sha_locl.h for details. */
@@ -105,21 +105,21 @@ void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
 
         A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 
-        HOST_c2l(data,l); X( 0)=l;      HOST_c2l(data,l); X( 1)=l;
-        RIP1(A,B,C,D,E,WL00,SL00);      HOST_c2l(data,l); X( 2)=l;
-        RIP1(E,A,B,C,D,WL01,SL01);      HOST_c2l(data,l); X( 3)=l;
-        RIP1(D,E,A,B,C,WL02,SL02);      HOST_c2l(data,l); X( 4)=l;
-        RIP1(C,D,E,A,B,WL03,SL03);      HOST_c2l(data,l); X( 5)=l;
-        RIP1(B,C,D,E,A,WL04,SL04);      HOST_c2l(data,l); X( 6)=l;
-        RIP1(A,B,C,D,E,WL05,SL05);      HOST_c2l(data,l); X( 7)=l;
-        RIP1(E,A,B,C,D,WL06,SL06);      HOST_c2l(data,l); X( 8)=l;
-        RIP1(D,E,A,B,C,WL07,SL07);      HOST_c2l(data,l); X( 9)=l;
-        RIP1(C,D,E,A,B,WL08,SL08);      HOST_c2l(data,l); X(10)=l;
-        RIP1(B,C,D,E,A,WL09,SL09);      HOST_c2l(data,l); X(11)=l;
-        RIP1(A,B,C,D,E,WL10,SL10);      HOST_c2l(data,l); X(12)=l;
-        RIP1(E,A,B,C,D,WL11,SL11);      HOST_c2l(data,l); X(13)=l;
-        RIP1(D,E,A,B,C,WL12,SL12);      HOST_c2l(data,l); X(14)=l;
-        RIP1(C,D,E,A,B,WL13,SL13);      HOST_c2l(data,l); X(15)=l;
+        (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l;
+        RIP1(A,B,C,D,E,WL00,SL00);      (void)HOST_c2l(data,l); X( 2)=l;
+        RIP1(E,A,B,C,D,WL01,SL01);      (void)HOST_c2l(data,l); X( 3)=l;
+        RIP1(D,E,A,B,C,WL02,SL02);      (void)HOST_c2l(data,l); X( 4)=l;
+        RIP1(C,D,E,A,B,WL03,SL03);      (void)HOST_c2l(data,l); X( 5)=l;
+        RIP1(B,C,D,E,A,WL04,SL04);      (void)HOST_c2l(data,l); X( 6)=l;
+        RIP1(A,B,C,D,E,WL05,SL05);      (void)HOST_c2l(data,l); X( 7)=l;
+        RIP1(E,A,B,C,D,WL06,SL06);      (void)HOST_c2l(data,l); X( 8)=l;
+        RIP1(D,E,A,B,C,WL07,SL07);      (void)HOST_c2l(data,l); X( 9)=l;
+        RIP1(C,D,E,A,B,WL08,SL08);      (void)HOST_c2l(data,l); X(10)=l;
+        RIP1(B,C,D,E,A,WL09,SL09);      (void)HOST_c2l(data,l); X(11)=l;
+        RIP1(A,B,C,D,E,WL10,SL10);      (void)HOST_c2l(data,l); X(12)=l;
+        RIP1(E,A,B,C,D,WL11,SL11);      (void)HOST_c2l(data,l); X(13)=l;
+        RIP1(D,E,A,B,C,WL12,SL12);      (void)HOST_c2l(data,l); X(14)=l;
+        RIP1(C,D,E,A,B,WL13,SL13);      (void)HOST_c2l(data,l); X(15)=l;
         RIP1(B,C,D,E,A,WL14,SL14);
         RIP1(A,B,C,D,E,WL15,SL15);
 
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h
index f14b346e66..2bd8957d14 100644
--- a/src/lib/libcrypto/ripemd/rmd_locl.h
+++ b/src/lib/libcrypto/ripemd/rmd_locl.h
@@ -88,11 +88,11 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              RIPEMD160_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
-        ll=(c)->E; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->E; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 4814a2fc15..5f269e577a 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -280,7 +280,7 @@ struct rsa_st
 
 RSA *   RSA_new(void);
 RSA *   RSA_new_method(ENGINE *engine);
-int     RSA_size(const RSA *);
+int     RSA_size(const RSA *rsa);
 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index 9d848db8c6..cc30e77132 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -59,6 +59,12 @@ int RSA_check_key(const RSA *key)
         BN_CTX *ctx;
         int r;
         int ret=1;
+
+        if (!key->p || !key->q || !key->n || !key->e || !key->d)
+                {
+                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+                return 0;
+                }
         
         i = BN_new();
         j = BN_new();
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 2e1ddd48d3..88ee2cb557 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
         /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
+         * adding 'p' if r0 is negative above to leave the result still
          * negative. This can break the private key operations: the following
          * second correction should *always* correct this rare occurrence.
          * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
+         * they ensure p > q [steve]
+         */
         if (BN_is_negative(r0))
                 if (!BN_add(r0,r0,rsa->p)) goto err;
         if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index e08ac151ff..af4d24a56e 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -149,7 +149,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
         if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
                 return -1;
 
-        if (timingsafe_bcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+        if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                 goto decoding_err;
         else
                 {
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
index 2eb2b7af99..6d191d3936 100644
--- a/src/lib/libcrypto/sha/Makefile
+++ b/src/lib/libcrypto/sha/Makefile
@@ -60,9 +60,7 @@ sha256-armv4.S: asm/sha256-armv4.pl
         $(PERL) $< $(PERLASM_SCHEME) $@
 
 sha1-alpha.s:   asm/sha1-alpha.pl
-        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
-        $(PERL) asm/sha1-alpha.pl > $$preproc && \
-        $(CC) -E $$preproc > $@ && rm $$preproc)
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 
 # Solaris make has to be explicitly told
 sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
index 7c65b60276..c56ec94020 100644
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/sha.h>
 #include <openssl/crypto.h>
+#include <openssl/sha.h>
 
 #ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
index 81219af088..a98690225f 100644
--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_0
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
index c946ad827d..fb63b17ff2 100644
--- a/src/lib/libcrypto/sha/sha_dgst.c
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_1
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
index 7a0c3ca8d8..d673255f78 100644
--- a/src/lib/libcrypto/sha/sha_locl.h
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -69,11 +69,11 @@
 #define HASH_CBLOCK             SHA_CBLOCK
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->h0; HOST_l2c(ll,(s));   \
-        ll=(c)->h1; HOST_l2c(ll,(s));   \
-        ll=(c)->h2; HOST_l2c(ll,(s));   \
-        ll=(c)->h3; HOST_l2c(ll,(s));   \
-        ll=(c)->h4; HOST_l2c(ll,(s));   \
+        ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
         } while (0)
 
 #if defined(SHA_0)
@@ -256,21 +256,21 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
                 }
         else
                 {
-                HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
-                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
-                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
-                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
-                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
-                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
-                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
-                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
-                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
-                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
-                BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
-                BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
-                BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
-                BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
+                (void)HOST_c2l(data,l); X( 0)=l;        (void)HOST_c2l(data,l); X( 1)=l;
+                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       (void)HOST_c2l(data,l); X( 2)=l;
+                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       (void)HOST_c2l(data,l); X( 3)=l;
+                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       (void)HOST_c2l(data,l); X( 4)=l;
+                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       (void)HOST_c2l(data,l); X( 5)=l;
+                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       (void)HOST_c2l(data,l); X( 6)=l;
+                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       (void)HOST_c2l(data,l); X( 7)=l;
+                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       (void)HOST_c2l(data,l); X( 8)=l;
+                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       (void)HOST_c2l(data,l); X( 9)=l;
+                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       (void)HOST_c2l(data,l); X(10)=l;
+                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       (void)HOST_c2l(data,l); X(11)=l;
+                BODY_00_15(10,C,D,E,T,A,B,X(10));       (void)HOST_c2l(data,l); X(12)=l;
+                BODY_00_15(11,B,C,D,E,T,A,X(11));       (void)HOST_c2l(data,l); X(13)=l;
+                BODY_00_15(12,A,B,C,D,E,T,X(12));       (void)HOST_c2l(data,l); X(14)=l;
+                BODY_00_15(13,T,A,B,C,D,E,X(13));       (void)HOST_c2l(data,l); X(15)=l;
                 BODY_00_15(14,E,T,A,B,C,D,X(14));
                 BODY_00_15(15,D,E,T,A,B,C,X(15));
                 }
diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h
index 403f592dcd..bd2f000d59 100644
--- a/src/lib/libcrypto/symhacks.h
+++ b/src/lib/libcrypto/symhacks.h
@@ -193,17 +193,23 @@
 #undef SSL_CTX_set_srp_username_callback
 #define SSL_CTX_set_srp_username_callback       SSL_CTX_set_srp_un_cb
 #undef ssl_add_clienthello_use_srtp_ext
-#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
+#define ssl_add_clienthello_use_srtp_ext        ssl_add_clihello_use_srtp_ext
 #undef ssl_add_serverhello_use_srtp_ext
-#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
+#define ssl_add_serverhello_use_srtp_ext        ssl_add_serhello_use_srtp_ext
 #undef ssl_parse_clienthello_use_srtp_ext
-#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
+#define ssl_parse_clienthello_use_srtp_ext      ssl_parse_clihello_use_srtp_ext
 #undef ssl_parse_serverhello_use_srtp_ext
-#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
+#define ssl_parse_serverhello_use_srtp_ext      ssl_parse_serhello_use_srtp_ext
 #undef SSL_CTX_set_next_protos_advertised_cb
-#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
+#define SSL_CTX_set_next_protos_advertised_cb   SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
-#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#define SSL_CTX_set_next_proto_select_cb        SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
@@ -316,8 +322,6 @@
 #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #undef ec_GFp_simple_points_make_affine
 #define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
 #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
                                                 ec_GFp_smp_set_Jproj_coords_GFp
diff --git a/src/lib/libcrypto/threads/pthreads-vms.com b/src/lib/libcrypto/threads/pthreads-vms.com
deleted file mode 100644
index 1cf92bdf57..0000000000
--- a/src/lib/libcrypto/threads/pthreads-vms.com
+++ /dev/null
@@ -1,14 +0,0 @@
-$! To compile mttest on VMS.
-$!
-$! WARNING: only tested with DEC C so far.
-$
-$ if (f$getsyi("cpu").lt.128)
-$ then
-$     arch := VAX
-$ else
-$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$     if (arch .eqs. "") then arch = "UNK"
-$ endif
-$ define/user openssl [--.include.openssl]
-$ cc/def=PTHREADS mttest.c
-$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
index e319faa47b..a38c7581e6 100644
--- a/src/lib/libcrypto/ui/ui_openssl.c
+++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -122,9 +122,15 @@
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */
+#if defined(OPENSSL_SYSNAME_VXWORKS)
+#include <sys/types.h>
+#endif
+
 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 2
 #endif
+#endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -398,8 +404,8 @@ static int read_till_nl(FILE *in)
         char buf[SIZE+1];
 
         do      {
-                if (fgets(buf,sizeof(buf),in) == NULL)
-                        break;
+                if (!fgets(buf,SIZE,in))
+                        return 0;
                 } while (strchr(buf,'\n') == NULL);
         return 1;
         }
diff --git a/src/lib/libcrypto/util/deltree.com b/src/lib/libcrypto/util/deltree.com
deleted file mode 100644
index 9f36b1a5e9..0000000000
--- a/src/lib/libcrypto/util/deltree.com
+++ /dev/null
@@ -1,34 +0,0 @@
-$! DELTREE.COM
-$
-$ call deltree 'p1'
-$ exit $status
-$
-$ deltree: subroutine ! P1 is a name of a directory
-$       on control_y then goto dt_STOP
-$       on warning then goto dt_exit
-$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
-$       if f$parse(p1) .eqs. "" then exit
-$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
-$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
-$       _fp = f$parse(".DIR",p1)
-$ dt_loop:
-$       _f = f$search(_fp)
-$       if _f .eqs. "" then goto dt_loopend
-$       call deltree [.'f$parse(_f,,,"NAME")']*.*
-$       goto dt_loop
-$ dt_loopend:
-$       _fp = f$parse(p1,".;*")
-$       if f$search(_fp) .eqs. "" then goto dt_exit
-$       set noon
-$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
-$       set on
-$       delete/nolog '_fp'
-$ dt_exit:
-$       set default '_dt_def'
-$       goto dt_end
-$ dt_STOP:
-$       set default '_dt_def'
-$       stop/id=""
-$       exit
-$ dt_end:
-$       endsubroutine
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
index 93f80ba0c6..aa86b2b8b1 100644
--- a/src/lib/libcrypto/util/libeay.num
+++ b/src/lib/libcrypto/util/libeay.num
@@ -3510,6 +3510,8 @@ BIO_get_callback_arg                    3902	EXIST::FUNCTION:
 BIO_set_callback                        3903    EXIST::FUNCTION:
 d2i_ASIdOrRange                         3904    EXIST::FUNCTION:RFC3779
 i2d_ASIdentifiers                       3905    EXIST::FUNCTION:RFC3779
+CRYPTO_memcmp                           3906    EXIST::FUNCTION:
+BN_consttime_swap                       3907    EXIST::FUNCTION:
 SEED_decrypt                            3908    EXIST::FUNCTION:SEED
 SEED_encrypt                            3909    EXIST::FUNCTION:SEED
 SEED_cbc_encrypt                        3910    EXIST::FUNCTION:SEED
@@ -3687,7 +3689,7 @@ FIPS_dh_new                             4073	NOEXIST::FUNCTION:
 FIPS_corrupt_dsa_keygen                 4074    NOEXIST::FUNCTION:
 FIPS_dh_free                            4075    NOEXIST::FUNCTION:
 fips_pkey_signature_test                4076    NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077    NOEXIST::FUNCTION:
+EVP_add_alg_module                      4077    EXIST::FUNCTION:
 int_RAND_init_engine_callbacks          4078    NOEXIST::FUNCTION:
 int_EVP_CIPHER_set_engine_callbacks     4079    NOEXIST::FUNCTION:
 int_EVP_MD_init_engine_callbacks        4080    NOEXIST::FUNCTION:
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
index 458f830401..72fa089f6b 100644
--- a/src/lib/libcrypto/util/mk1mf.pl
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -1222,7 +1222,7 @@ sub read_options
                                 }
                         }
                 }
-        elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; }
+        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
         elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
         elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
                 { $c_flags.="$_ "; }
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
index 1f1e13fb40..b41bb45e82 100644
--- a/src/lib/libcrypto/util/pl/BC-32.pl
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -38,7 +38,7 @@ $efile="";
 $exep='.exe';
 if ($no_sock)
         { $ex_libs=""; }
-else    { $ex_libs="cw32mt.lib import32.lib"; }
+else    { $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; }
 
 # static library stuff
 $mklib='tlib /P64';
@@ -51,8 +51,8 @@ $lfile='';
 $shlib_ex_obj="";
 $app_ex_obj="c0x32.obj"; 
 
-$asm='nasmw -f obj -d__omf__';
-$asm.=" /Zi" if $debug;
+$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__";
+$asm.=" -g" if $debug;
 $afile='-o';
 
 $bn_mulw_obj='';
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
index c503bd52b9..3705fc73b7 100644
--- a/src/lib/libcrypto/util/pl/VC-32.pl
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -27,6 +27,8 @@ $zlib_lib="zlib1.lib";
 $l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
 $l_flags =~ s/-L(\S+)/\/libpath:$1/g;
 
+my $ff = "";
+
 # C compiler stuff
 $cc='cl';
 if ($FLAVOR =~ /WIN64/)
@@ -118,7 +120,7 @@ elsif ($FLAVOR =~ /CE/)
     $base_cflags.=' -I$(WCECOMPAT)/include'             if (defined($ENV{'WCECOMPAT'}));
     $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'}));
     $opt_cflags=' /MC /O1i';    # optimize for space, but with intrinsics...
-    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
+    $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /opt:ref $wcelflag";
     }
 else    # Win32
@@ -126,6 +128,7 @@ else	# Win32
     $base_cflags= " $mf_cflag";
     my $f = $shlib || $fips ?' /MD':' /MT';
     $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
+    $ff = "/fixed";
     $opt_cflags=$f.' /Ox /O2 /Ob2';
     $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /subsystem:console /opt:ref";
@@ -318,7 +321,7 @@ sub do_lib_rule
                         $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
                         $ret.="\tSET FIPS_TARGET=$target\n";
                         $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
+                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target ";
                         $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
                         $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
                         }
@@ -355,7 +358,7 @@ sub do_link_rule
                 $ret.="\tSET FIPS_TARGET=$target\n";
                 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
                 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
+                $ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n";
                 $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
                 }
         else
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 27ca5150c1..c6602dae4f 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 
         s=dir;
         p=s;
-        for (;;p++)
+        do
                 {
                 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
                         {
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                                 return 0;
                                 }
                         }
-                if (*p == '\0')
-                        break;
-                }
+                } while (*p++ != '\0');
         return 1;
         }
 
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 7c2aaee2e9..352aa37434 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -86,10 +86,9 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 
         EVP_MD_CTX_init(&ctx);
         f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-        ret=strlen(f);
         if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                 goto err;
-        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
                 goto err;
         OPENSSL_free(f);
         if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
@@ -249,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
         i2d_X509_NAME(x,NULL);
         EVP_MD_CTX_init(&md_ctx);
         EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-        EVP_DigestFinal_ex(&md_ctx,md,NULL);
+        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+            && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+            && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+                ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                     )&0xffffffffL;
         EVP_MD_CTX_cleanup(&md_ctx);
 
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                )&0xffffffffL;
         return(ret);
         }
 #endif
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index b0779db023..920066aeba 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         X509_CRL *crl = NULL, *dcrl = NULL;
         X509 *x;
         int ok, cnum;
+        unsigned int last_reasons;
         cnum = ctx->error_depth;
         x = sk_X509_value(ctx->chain, cnum);
         ctx->current_cert = x;
@@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         ctx->current_reasons = 0;
         while (ctx->current_reasons != CRLDP_ALL_REASONS)
                 {
+                last_reasons = ctx->current_reasons;
                 /* Try to retrieve relevant CRL */
                 if (ctx->get_crl)
                         ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx)
                 X509_CRL_free(dcrl);
                 crl = NULL;
                 dcrl = NULL;
+                /* If reasons not updated we wont get anywhere by
+                 * another iteration, so exit loop.
+                 */
+                if (last_reasons == ctx->current_reasons)
+                        {
+                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                        ok = ctx->verify_cb(0, ctx);
+                        goto err;
+                        }
                 }
         err:
         X509_CRL_free(crl);
@@ -872,7 +883,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         {
         ASN1_OCTET_STRING *exta, *extb;
         int i;
-        i = X509_CRL_get_ext_by_NID(a, nid, 0);
+        i = X509_CRL_get_ext_by_NID(a, nid, -1);
         if (i >= 0)
                 {
                 /* Can't have multiple occurrences */
@@ -883,7 +894,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         else
                 exta = NULL;
 
-        i = X509_CRL_get_ext_by_NID(b, nid, 0);
+        i = X509_CRL_get_ext_by_NID(b, nid, -1);
 
         if (i >= 0)
                 {
@@ -1451,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
          * a certificate was revoked. This has since been changed since 
          * critical extension can change the meaning of CRL entries.
          */
-        if (crl->flags & EXFLAG_CRITICAL)
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                && (crl->flags & EXFLAG_CRITICAL))
                 {
-                if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                        return 1;
                 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
                 ok = ctx->verify_cb(0, ctx);
                 if(!ok)
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index b94aeeb873..e06602d65a 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
         {
+        x->cert_info->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                 x->cert_info->signature,
                 x->sig_alg, x->signature, x->cert_info, ctx);
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
         {
+        x->crl->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
                 x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
         }
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index 181bd34979..ad688657e0 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -474,11 +474,11 @@ static void x509v3_cache_extensions(X509 *x)
         for (i = 0; i < X509_get_ext_count(x); i++)
                 {
                 ex = X509_get_ext(x, i);
-                if (!X509_EXTENSION_get_critical(ex))
-                        continue;
                 if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
                                         == NID_freshest_crl)
                         x->ex_flags |= EXFLAG_FRESHEST;
+                if (!X509_EXTENSION_get_critical(ex))
+                        continue;
                 if (!X509_supported_extension(ex))
                         {
                         x->ex_flags |= EXFLAG_CRITICAL;
diff --git a/src/lib/libcrypto/x86_64cpuid.pl b/src/lib/libcrypto/x86_64cpuid.pl
index 7b7b93b223..6ebfd017ea 100644
--- a/src/lib/libcrypto/x86_64cpuid.pl
+++ b/src/lib/libcrypto/x86_64cpuid.pl
@@ -11,7 +11,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
                                  ("%rdi","%rsi","%rdx","%rcx"); # Unix order
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
index e4b718efa7..2e8cf681ed 100644
--- a/src/lib/libssl/d1_both.c
+++ b/src/lib/libssl/d1_both.c
@@ -220,7 +220,6 @@ dtls1_hm_fragment_free(hm_fragment *frag)
                 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
                 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
                 }
-
         if (frag->fragment) OPENSSL_free(frag->fragment);
         if (frag->reassembly) OPENSSL_free(frag->reassembly);
         OPENSSL_free(frag);
@@ -320,9 +319,10 @@ int dtls1_do_write(SSL *s, int type)
                                 s->init_off -= DTLS1_HM_HEADER_LENGTH;
                                 s->init_num += DTLS1_HM_HEADER_LENGTH;
 
-                                /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
-                                if ( len <= DTLS1_HM_HEADER_LENGTH)  
-                                        len += DTLS1_HM_HEADER_LENGTH;
+                                if ( s->init_num > curr_mtu)
+                                        len = curr_mtu;
+                                else
+                                        len = s->init_num;
                                 }
 
                         dtls1_fix_message_header(s, frag_off, 
diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c
index a6ed09c51d..48e5e06bde 100644
--- a/src/lib/libssl/d1_clnt.c
+++ b/src/lib/libssl/d1_clnt.c
@@ -538,13 +538,6 @@ int dtls1_connect(SSL *s)
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
 
-#ifndef OPENSSL_NO_SCTP
-                        /* Change to new shared key of SCTP-Auth,
-                         * will be ignored if no SCTP used.
-                         */
-                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-
                         s->state=SSL3_ST_CW_FINISHED_A;
                         s->init_num=0;
 
@@ -571,6 +564,16 @@ int dtls1_connect(SSL *s)
                                 goto end;
                                 }
                         
+#ifndef OPENSSL_NO_SCTP
+                                if (s->hit)
+                                        {
+                                        /* Change to new shared key of SCTP-Auth,
+                                         * will be ignored if no SCTP used.
+                                         */
+                                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                                        }
+#endif
+
                         dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
                         break;
 
@@ -613,6 +616,13 @@ int dtls1_connect(SSL *s)
                                 }
                         else
                                 {
+#ifndef OPENSSL_NO_SCTP
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
                                 /* Allow NewSessionTicket if ticket expected */
                                 if (s->tlsext_ticket_expected)
@@ -773,7 +783,7 @@ int dtls1_client_hello(SSL *s)
         unsigned char *buf;
         unsigned char *p,*d;
         unsigned int i,j;
-        unsigned long Time,l;
+        unsigned long l;
         SSL_COMP *comp;
 
         buf=(unsigned char *)s->init_buf->data;
@@ -798,13 +808,11 @@ int dtls1_client_hello(SSL *s)
 
                 /* if client_random is initialized, reuse it, we are
                  * required to use same upon reply to HelloVerify */
-                for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+                for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++)
+                        ;
                 if (i==sizeof(s->s3->client_random))
-                        {
-                        Time=(unsigned long)time(NULL); /* Time */
-                        l2n(Time,p);
-                        RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-                        }
+                        ssl_fill_hello_random(s, 0, p,
+                                              sizeof(s->s3->client_random));
 
                 /* Do the message type and length last */
                 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index cfe4524553..8186462d4a 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -455,7 +455,7 @@ printf("\n");
                      orig_len < mac_size+1))
                         {
                         al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                         goto f_err;
                         }
 
@@ -480,7 +480,7 @@ printf("\n");
                         }
 
                 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
-                if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0)
+                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
                         enc_err = -1;
                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
                         enc_err = -1;
@@ -847,6 +847,12 @@ start:
                         }
                 }
 
+        if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+                {
+                rr->length = 0;
+                goto start;
+                }
+
         /* we now have a packet which can be read and processed */
 
         if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1051,6 +1057,7 @@ start:
                         !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                         !s->s3->renegotiate)
                         {
+                        s->d1->handshake_read_seq++;
                         s->new_session = 1;
                         ssl3_renegotiate(s);
                         if (ssl3_renegotiate_check(s))
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index 29421da9aa..9975e20873 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
                 case SSL3_ST_SW_HELLO_REQ_B:
 
                         s->shutdown=0;
+                        dtls1_clear_record_buffer(s);
                         dtls1_start_timer(s);
                         ret=dtls1_send_hello_request(s);
                         if (ret <= 0) goto end;
-                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
                         s->state=SSL3_ST_SW_FLUSH;
                         s->init_num=0;
 
@@ -721,10 +722,13 @@ int dtls1_accept(SSL *s)
                         if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-                        /* Change to new shared key of SCTP-Auth,
-                         * will be ignored if no SCTP used.
-                         */
-                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                        if (!s->hit)
+                                {
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                                }
 #endif
 
                         s->state=SSL3_ST_SW_FINISHED_A;
@@ -749,7 +753,16 @@ int dtls1_accept(SSL *s)
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_SW_FLUSH;
                         if (s->hit)
+                                {
                                 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+                                }
                         else
                                 {
                                 s->s3->tmp.next_state=SSL_ST_OK;
@@ -912,15 +925,13 @@ int dtls1_send_server_hello(SSL *s)
         unsigned char *p,*d;
         int i;
         unsigned int sl;
-        unsigned long l,Time;
+        unsigned long l;
 
         if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
                 {
                 buf=(unsigned char *)s->init_buf->data;
                 p=s->s3->server_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+                ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
                 /* Do the message type and length last */
                 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index 5008bf6081..e65d501191 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -57,8 +57,8 @@
  *
  */
 
-#ifndef HEADER_DTLS1_H 
-#define HEADER_DTLS1_H 
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H
 
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
@@ -72,8 +72,12 @@
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else
 #include <sys/time.h>
 #endif
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c
index 47673e740a..2b93c639dd 100644
--- a/src/lib/libssl/s23_clnt.c
+++ b/src/lib/libssl/s23_clnt.c
@@ -269,12 +269,35 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
         return 1;
         }
 
+/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
+ * on failure, 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+        {
+        int send_time = 0;
+
+        if (len < 4)
+                return 0;
+        if (server)
+                send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+        else
+                send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+        if (send_time)
+                {
+                unsigned long Time = (unsigned long)time(NULL);
+                unsigned char *p = result;
+                l2n(Time, p);
+                return RAND_pseudo_bytes(p, len-4);
+                }
+        else
+                return RAND_pseudo_bytes(result, len);
+        }
+
 static int ssl23_client_hello(SSL *s)
         {
         unsigned char *buf;
         unsigned char *p,*d;
         int i,ch_len;
-        unsigned long Time,l;
+        unsigned long l;
         int ssl2_compat;
         int version = 0, version_major, version_minor;
 #ifndef OPENSSL_NO_COMP
@@ -355,9 +378,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
                 p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);         /* Time */
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
                         return -1;
 
                 if (version == TLS1_2_VERSION)
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index ed0fcfc532..53b9390fdd 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -206,10 +206,10 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
-static void ssl3_take_mac(SSL *s) {
+static void ssl3_take_mac(SSL *s)
+        {
         const char *sender;
         int slen;
-
         /* If no new cipher setup return immediately: other functions will
          * set the appropriate error.
          */
@@ -228,7 +228,7 @@ static void ssl3_take_mac(SSL *s) {
 
         s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
                 sender,slen,s->s3->tmp.peer_finish_md);
-}
+        }
 #endif
 
 int ssl3_get_finished(SSL *s, int a, int b)
@@ -238,8 +238,9 @@ int ssl3_get_finished(SSL *s, int a, int b)
         unsigned char *p;
 
 #ifdef OPENSSL_NO_NEXTPROTONEG
-        /* the mac has already been generated when we received the change
-         * cipher spec message and is in s->s3->tmp.peer_finish_md. */
+        /* the mac has already been generated when we received the
+         * change cipher spec message and is in s->s3->tmp.peer_finish_md.
+         */ 
 #endif
 
         n=s->method->ssl_get_message(s,
@@ -270,7 +271,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                 goto f_err;
                 }
 
-        if (timingsafe_bcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+        if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
                 {
                 al=SSL_AD_DECRYPT_ERROR;
                 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@ -544,12 +545,14 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                 s->init_num += i;
                 n -= i;
                 }
+
 #ifndef OPENSSL_NO_NEXTPROTONEG
         /* If receiving Finished, record MAC of prior handshake messages for
          * Finished verification. */
         if (*s->init_buf->data == SSL3_MT_FINISHED)
                 ssl3_take_mac(s);
 #endif
+
         /* Feed this message into MAC computation. */
         ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
         if (s->msg_callback)
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index b80d052e1f..a6b3c01afa 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -459,7 +459,6 @@ int ssl3_connect(SSL *s)
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
 
-
 #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
                         s->state=SSL3_ST_CW_FINISHED_A;
 #else
@@ -656,7 +655,7 @@ int ssl3_client_hello(SSL *s)
         unsigned char *buf;
         unsigned char *p,*d;
         int i;
-        unsigned long Time,l;
+        unsigned long l;
 #ifndef OPENSSL_NO_COMP
         int j;
         SSL_COMP *comp;
@@ -681,9 +680,8 @@ int ssl3_client_hello(SSL *s)
                 /* else use the pre-loaded session */
 
                 p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+
+                if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
                         goto err;
 
                 /* Do the message type and length last */
@@ -987,7 +985,10 @@ int ssl3_get_server_hello(SSL *s)
          * client authentication.
          */
         if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s))
+                {
+                al = SSL_AD_INTERNAL_ERROR;
                 goto f_err;
+                }
         /* lets get the compression algorithm */
         /* COMPRESSION */
 #ifdef OPENSSL_NO_COMP
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index b73b5ac87f..c4ef2738d7 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1125,7 +1125,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0, /* not implemented (non-ephemeral DH) */
         TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
         TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES128,
         SSL_SHA256,
@@ -1407,7 +1407,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0, /* not implemented (non-ephemeral DH) */
         TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
         TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES256,
         SSL_SHA256,
@@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_3DES,
         SSL_SHA1,
         SSL_TLSV1,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
         168,
         168,
@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_AES128,
         SSL_SHA1,
         SSL_TLSV1,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
         128,
         128,
@@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_AES256,
         SSL_SHA1,
         SSL_TLSV1,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
         256,
         256,
@@ -1958,7 +1958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0,
         TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
         TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES128GCM,
         SSL_AEAD,
@@ -1974,7 +1974,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0,
         TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
         TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES256GCM,
         SSL_AEAD,
@@ -2669,7 +2669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
         TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES128,
         SSL_SHA256,
@@ -2685,7 +2685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
         TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES256,
         SSL_SHA384,
@@ -2799,7 +2799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
         TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES128GCM,
         SSL_AEAD,
@@ -2815,7 +2815,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
         TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES256GCM,
         SSL_AEAD,
@@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s)
                 s->s3->tmp.ecdh = NULL;
                 }
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+        s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
         rp = s->s3->rbuf.buf;
         wp = s->s3->wbuf.buf;
@@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                 ii=sk_SSL_CIPHER_find(allow,c);
                 if (ii >= 0)
                         {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+                        if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+                                {
+                                if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+                                continue;
+                                }
+#endif
                         ret=sk_SSL_CIPHER_value(allow,ii);
                         break;
                         }
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index 722ed9a858..96ba63262e 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
                         if (version != s->version)
                                 {
                                 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
                                         /* Send back error using their minor version number :-) */
                                         s->version = (unsigned short)version;
                                 al=SSL_AD_PROTOCOL_VERSION;
@@ -407,7 +407,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
         if (enc_err == 0)
                 {
                 al=SSL_AD_DECRYPTION_FAILED;
-                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                 goto f_err;
                 }
 
@@ -467,7 +467,7 @@ printf("\n");
                         }
 
                 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
-                if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0)
+                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
                         enc_err = -1;
                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
                         enc_err = -1;
@@ -748,6 +748,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * bytes and record version number > TLS 1.0
          */
         if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+                                && !s->renegotiate
                                 && TLS1_get_version(s) > TLS1_VERSION)
                 *(p++) = 0x1;
         else
@@ -1054,7 +1055,7 @@ start:
                                 {
                                 s->rstate=SSL_ST_READ_HEADER;
                                 rr->off=0;
-                                if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+                                if (s->mode & SSL_MODE_RELEASE_BUFFERS)
                                         ssl3_release_read_buffer(s);
                                 }
                         }
@@ -1242,7 +1243,7 @@ start:
                                 goto f_err;
                                 }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
-                        if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                        else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
                                 return(0);
 #endif
                         }
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index 118939fabb..9ac19c05f2 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -191,7 +191,8 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
                 {
                 if(s->srp_ctx.login == NULL)
                         {
-                        /* There isn't any srp login extension !!! */
+                        /* RFC 5054 says SHOULD reject, 
+                           we do so if There is no srp login name */
                         ret = SSL3_AL_FATAL;
                         *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
                         }
@@ -378,6 +379,7 @@ int ssl3_accept(SSL *s)
                                 }
                         }
 #endif          
+                        
                         s->renegotiate = 2;
                         s->state=SSL3_ST_SW_SRVR_HELLO_A;
                         s->init_num=0;
@@ -956,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
             (s->version != DTLS1_VERSION && s->client_version < s->version))
                 {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-                if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
+                if ((s->client_version>>8) == SSL3_VERSION_MAJOR && 
+                        !s->enc_write_ctx && !s->write_hash)
                         {
                         /* similar to ssl3_get_record, send alert using remote version number */
                         s->version = s->client_version;
@@ -1181,7 +1184,7 @@ int ssl3_get_client_hello(SSL *s)
                         goto f_err;
                         }
                 }
-                if (ssl_check_clienthello_tlsext(s) <= 0) {
+                if (ssl_check_clienthello_tlsext_early(s) <= 0) {
                         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
                         goto err;
                 }
@@ -1191,12 +1194,9 @@ int ssl3_get_client_hello(SSL *s)
          * server_random before calling tls_session_secret_cb in order to allow
          * SessionTicket processing to use it in key derivation. */
         {
-                unsigned long Time;
                 unsigned char *pos;
-                Time=(unsigned long)time(NULL);                 /* Time */
                 pos=s->s3->server_random;
-                l2n(Time,pos);
-                if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
+                if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0)
                         {
                         al=SSL_AD_INTERNAL_ERROR;
                         goto f_err;
@@ -1389,7 +1389,10 @@ int ssl3_get_client_hello(SSL *s)
         if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER))
                 {
                 if (!ssl3_digest_cached_records(s))
+                        {
+                        al = SSL_AD_INTERNAL_ERROR;
                         goto f_err;
+                        }
                 }
         
         /* we now have the following setup. 
@@ -1403,6 +1406,16 @@ int ssl3_get_client_hello(SSL *s)
          * s->tmp.new_cipher    - the new cipher to use.
          */
 
+        /* Handles TLS extensions that we couldn't check earlier */
+        if (s->version >= SSL3_VERSION)
+                {
+                if (ssl_check_clienthello_tlsext_late(s) <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+                        goto err;
+                        }
+                }
+
         if (ret < 0) ret=1;
         if (0)
                 {
@@ -1420,19 +1433,13 @@ int ssl3_send_server_hello(SSL *s)
         unsigned char *p,*d;
         int i,sl;
         unsigned long l;
-#ifdef OPENSSL_NO_TLSEXT
-        unsigned long Time;
-#endif
 
         if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
                 {
                 buf=(unsigned char *)s->init_buf->data;
 #ifdef OPENSSL_NO_TLSEXT
                 p=s->s3->server_random;
-                /* Generate server_random if it was not needed previously */
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
                         return -1;
 #endif
                 /* Do the message type and length last */
@@ -1823,7 +1830,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                         SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
                         goto f_err;
                         }
-                for (i=0; r[i] != NULL && i<4; i++)
+                for (i=0; i < 4 && r[i] != NULL; i++)
                         {
                         nr[i]=BN_num_bytes(r[i]);
 #ifndef OPENSSL_NO_SRP
@@ -1859,7 +1866,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                 d=(unsigned char *)s->init_buf->data;
                 p= &(d[4]);
 
-                for (i=0; r[i] != NULL && i<4; i++)
+                for (i=0; i < 4 && r[i] != NULL; i++)
                         {
 #ifndef OPENSSL_NO_SRP
                         if ((i == 2) && (type & SSL_kSRP))
diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES
index 7013e4c12c..4fcfd1d4be 100644
--- a/src/lib/libssl/src/CHANGES
+++ b/src/lib/libssl/src/CHANGES
@@ -2,6 +2,104 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) TLS pad extension: draft-agl-tls-padding-03
+
+     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+     TLS client Hello record length value would otherwise be > 255 and
+     less that 512 pad with a dummy extension containing zeroes so it
+     is at least 512 bytes long.
+
+     [Adam Langley, Steve Henson]
+
+ Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
+
+  *) Fix for TLS record tampering bug. A carefully crafted invalid 
+     handshake could crash OpenSSL with a NULL pointer exception.
+     Thanks to Anton Johansson for reporting this issues.
+     (CVE-2013-4353)
+
+  *) Keep original DTLS digest and encryption contexts in retransmission
+     structures so we can use the previous session parameters if they need
+     to be resent. (CVE-2013-6450)
+     [Steve Henson]
+
+  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
+     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
+     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+     [Rob Stradling, Adam Langley]
+
+ Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
+
+  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
+     supporting platforms or when small records were transferred.
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by 
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/     
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+  *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
+     ciphersuites which can be exploited in a denial of service attack.
+     Thanks go to and to Adam Langley <agl@chromium.org> for discovering
+     and detecting this bug and to Wolfgang Ettlinger
+     <wolfgang.ettlinger@gmail.com> for independently discovering this issue.
+     (CVE-2012-2686)
+     [Adam Langley]
+
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change SSL_get_certificate()
+     so it returns the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     [Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Fix possible deadlock when decoding public keys.
+     [Steve Henson]
+
+  *) Don't use TLS 1.0 record version number in initial client hello
+     if renegotiating.
+     [Steve Henson]
+
  Changes between 1.0.1b and 1.0.1c [10 May 2012]
 
   *) Sanity check record length before skipping explicit IV in TLS
@@ -357,6 +455,63 @@
        Add command line options to s_client/s_server.
      [Steve Henson]
 
+ Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by 
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/     
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change SSL_get_certificate()
+     so it returns the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     (This is a backport)
+     [Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Fix possible deadlock when decoding public keys.
+     [Steve Henson]
+
+ Changes between 1.0.0i and 1.0.0j [10 May 2012]
+
+  [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
+  OpenSSL 1.0.1.]
+
+  *) Sanity check record length before skipping explicit IV in DTLS
+     to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+ Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
  Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
 
   *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
@@ -1347,6 +1502,86 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
 
+ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by 
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/     
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change SSL_get_certificate()
+     so it returns the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     (This is a backport)
+     [Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Fix possible deadlock when decoding public keys.
+     [Steve Henson]
+
+ Changes between 0.9.8w and 0.9.8x [10 May 2012]
+
+  *) Sanity check record length before skipping explicit IV in DTLS
+     to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+
+  *) The fix for CVE-2012-2110 did not take into account that the 
+     'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
+     int in OpenSSL 0.9.8, making it still vulnerable. Fix by 
+     rejecting negative len parameter. (CVE-2012-2131)
+     [Tomas Hoger <thoger@redhat.com>]
+
+ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+
+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
+     content decryption and always return the same error. Note: this attack
+     needs on average 2^20 messages so it only affects automated senders. The
+     old behaviour can be reenabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+     an MMA defence is not necessary.
+     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
+     this issue. (CVE-2012-0884)
+     [Steve Henson]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a 
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
  Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
 
   *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
@@ -1354,7 +1589,7 @@
      Development, Cisco Systems, Inc. for discovering this bug and
      preparing a fix. (CVE-2012-0050)
      [Antonio Martin]
-  
+
  Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
 
   *) Nadhem Alfardan and Kenny Paterson have discovered an extension
diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure
index cbbf4de8b2..de78469b9f 100644
--- a/src/lib/libssl/src/Configure
+++ b/src/lib/libssl/src/Configure
@@ -171,20 +171,22 @@ my %table=(
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",      "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug-64",   "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-ben-macos",      "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
 "debug-ben-macos-gcc46",        "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
+"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-ben-no-opt",     "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",     "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",   "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-bodo",   "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
@@ -243,7 +245,7 @@ my %table=(
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
@@ -464,8 +466,8 @@ my %table=(
 "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -524,7 +526,7 @@ my %table=(
 # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
 "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 # Unified CE target
-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
 
 # Borland C++ 4.5
diff --git a/src/lib/libssl/src/FAQ b/src/lib/libssl/src/FAQ
index bb6f7e2d29..59d135396e 100644
--- a/src/lib/libssl/src/FAQ
+++ b/src/lib/libssl/src/FAQ
@@ -83,11 +83,11 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.1c was released on May 10th, 2012.
+OpenSSL 1.0.1e was released on Feb 11th, 2013.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
 
 
 * Where is the documentation?
@@ -768,6 +768,9 @@ openssl-security@openssl.org if you don't get a prompt reply at least
 acknowledging receipt then resend or mail it directly to one of the
 more active team members (e.g. Steve).
 
+Note that bugs only present in the openssl utility are not in general
+considered to be security issues. 
+
 [PROG] ========================================================================
 
 * Is OpenSSL thread-safe?
diff --git a/src/lib/libssl/src/INSTALL.W32 b/src/lib/libssl/src/INSTALL.W32
index d23c4baf62..80e538273e 100644
--- a/src/lib/libssl/src/INSTALL.W32
+++ b/src/lib/libssl/src/INSTALL.W32
@@ -29,7 +29,7 @@
   is required if you intend to utilize assembler modules. Note that NASM
   is now the only supported assembler.
 
- If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ If you are compiling from a tarball or a Git snapshot then the Win32 files
  may well be not up to date. This may mean that some "tweaking" is required to
  get it all to work. See the trouble shooting section later on for if (when?)
  it goes wrong.
@@ -257,7 +257,7 @@
 
  then ms\do_XXX should not give a warning any more. However the numbers that
  get assigned by this technique may not match those that eventually get
- assigned in the CVS tree: so anything linked against this version of the
+ assigned in the Git tree: so anything linked against this version of the
  library may need to be recompiled.
 
  If you get errors about unresolved symbols there are several possible
diff --git a/src/lib/libssl/src/MacOS/GUSI_Init.cpp b/src/lib/libssl/src/MacOS/GUSI_Init.cpp
deleted file mode 100644
index d8223dba2c..0000000000
--- a/src/lib/libssl/src/MacOS/GUSI_Init.cpp
+++ /dev/null
@@ -1,62 +0,0 @@
-/**************** BEGIN GUSI CONFIGURATION ****************************
- *
- * GUSI Configuration section generated by GUSI Configurator
- * last modified: Wed Jan  5 20:33:51 2000
- *
- * This section will be overwritten by the next run of Configurator.
- */
-
-#define GUSI_SOURCE
-#include <GUSIConfig.h>
-#include <sys/cdefs.h>
-
-/* Declarations of Socket Factories */
-
-__BEGIN_DECLS
-void GUSIwithInetSockets();
-void GUSIwithLocalSockets();
-void GUSIwithMTInetSockets();
-void GUSIwithMTTcpSockets();
-void GUSIwithMTUdpSockets();
-void GUSIwithOTInetSockets();
-void GUSIwithOTTcpSockets();
-void GUSIwithOTUdpSockets();
-void GUSIwithPPCSockets();
-void GUSISetupFactories();
-__END_DECLS
-
-/* Configure Socket Factories */
-
-void GUSISetupFactories()
-{
-#ifdef GUSISetupFactories_BeginHook
-        GUSISetupFactories_BeginHook
-#endif
-        GUSIwithInetSockets();
-#ifdef GUSISetupFactories_EndHook
-        GUSISetupFactories_EndHook
-#endif
-}
-
-/* Declarations of File Devices */
-
-__BEGIN_DECLS
-void GUSIwithDConSockets();
-void GUSIwithNullSockets();
-void GUSISetupDevices();
-__END_DECLS
-
-/* Configure File Devices */
-
-void GUSISetupDevices()
-{
-#ifdef GUSISetupDevices_BeginHook
-        GUSISetupDevices_BeginHook
-#endif
-        GUSIwithNullSockets();
-#ifdef GUSISetupDevices_EndHook
-        GUSISetupDevices_EndHook
-#endif
-}
-
-/**************** END GUSI CONFIGURATION *************************/
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp
deleted file mode 100644
index 617aae2c70..0000000000
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.cpp
+++ /dev/null
@@ -1,2753 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
- 
- 
- 
- #include "CPStringUtils.hpp"
-#include "ErrorHandling.hpp"
-
-
-
-#define kNumberFormatString                     "\p########0.00#######;-########0.00#######"
-
-
-
-//      Useful utility functions which could be optimized a whole lot
-
-
-void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength)
-{
-int             i,numPChars;
-
-
-        if (thePStr != nil && theCStr != nil && maxCStrLength > 0)
-        {
-                numPChars = thePStr[0];
-                
-                for (i = 0;;i++)
-                {
-                        if (i >= numPChars || i >= maxCStrLength - 1)
-                        {
-                                theCStr[i] = 0;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theCStr[i] = thePStr[i + 1];
-                        }
-                }
-        }
-}
-
-
-void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength)
-{
-int             theMaxDstStrLength;
-
-        
-        theMaxDstStrLength = maxDstStrLength;
-        
-        
-        if (theDstPStr != nil && theSrcPStr != nil && theMaxDstStrLength > 0)
-        {
-                if (theMaxDstStrLength > 255)
-                {
-                        theMaxDstStrLength = 255;
-                }
-                
-                
-                if (theMaxDstStrLength - 1 < theSrcPStr[0])
-                {
-                        BlockMove(theSrcPStr + 1,theDstPStr + 1,theMaxDstStrLength - 1);
-                        
-                        theDstPStr[0] = theMaxDstStrLength - 1;
-                }
-                
-                else
-                {
-                        BlockMove(theSrcPStr,theDstPStr,theSrcPStr[0] + 1);
-                }
-        }
-}
-
-
-void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength)
-{
-int             i;
-
-
-        if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0)
-        {
-                for (i = 0;;i++)
-                {
-                        if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1)
-                        {
-                                theDstCStr[i] = 0;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theDstCStr[i] = theSrcCStr[i];
-                        }
-                }
-        }
-}
-
-
-
-void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength)
-{
-int             i;
-
-
-        if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0)
-        {
-                for (i = 0;;i++)
-                {
-                        if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1 || i >= maxCharsToCopy)
-                        {
-                                theDstCStr[i] = 0;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theDstCStr[i] = theSrcCStr[i];
-                        }
-                }
-        }
-}
-
-
-
-void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength)
-{
-int             i;
-int             theMaxDstStrLength;
-
-        
-        theMaxDstStrLength = maxDstStrLength;
-
-        if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
-        {
-                if (theMaxDstStrLength > 255)
-                {
-                        theMaxDstStrLength = 255;
-                }
-                
-                
-                for (i = 0;;i++)
-                {
-                        if (theSrcCStr[i] == 0 || i >= theMaxDstStrLength - 1 || i >= maxCharsToCopy)
-                        {
-                                theDstPStr[0] = i;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theDstPStr[i + 1] = theSrcCStr[i];
-                        }
-                }
-        }
-}
-
-
-
-void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength)
-{
-int             i;
-int             theMaxDstStrLength;
-
-        
-        theMaxDstStrLength = maxDstStrLength;
-
-        if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
-        {
-                if (theMaxDstStrLength > 255)
-                {
-                        theMaxDstStrLength = 255;
-                }
-                
-                
-                for (i = 0;;i++)
-                {
-                        if (i >= theMaxDstStrLength - 1 || theSrcCStr[i] == 0)
-                        {
-                                theDstPStr[0] = i;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theDstPStr[i + 1] = theSrcCStr[i];
-                        }
-                }
-        }
-}
-
-
-void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength)
-{
-int             i,numPChars,cStrLength;
-
-
-        if (thePStr != nil && theCStr != nil && maxCStrLength > 0)
-        {
-                for (cStrLength = 0;theCStr[cStrLength] != 0;cStrLength++)
-                {
-                
-                }
-                
-
-                numPChars = thePStr[0];
-                
-                
-                for (i = 0;;i++)
-                {
-                        if (i >= numPChars || cStrLength >= maxCStrLength - 1)
-                        {
-                                theCStr[cStrLength++] = 0;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theCStr[cStrLength++] = thePStr[i + 1];
-                        }
-                }
-        }
-}
-
-
-
-void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength)
-{
-int             theMaxDstStrLength;
-
-        
-        theMaxDstStrLength = maxDstStrLength;
-        
-        if (theSrcPStr != nil && theDstPStr != nil && theMaxDstStrLength > 0)
-        {
-                if (theMaxDstStrLength > 255)
-                {
-                        theMaxDstStrLength = 255;
-                }
-                
-                
-                if (theMaxDstStrLength - theDstPStr[0] - 1 < theSrcPStr[0])
-                {
-                        BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theMaxDstStrLength - 1 - theDstPStr[0]);
-                        
-                        theDstPStr[0] = theMaxDstStrLength - 1;
-                }
-                
-                else
-                {
-                        BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theSrcPStr[0]);
-                        
-                        theDstPStr[0] += theSrcPStr[0];
-                }
-        }
-}
-
-
-
-void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength)
-{
-int             i,thePStrLength;
-int             theMaxDstStrLength;
-
-        
-        theMaxDstStrLength = maxDstStrLength;
-
-        if (theSrcCStr != nil && theDstPStr != nil && theMaxDstStrLength > 0)
-        {
-                if (theMaxDstStrLength > 255)
-                {
-                        theMaxDstStrLength = 255;
-                }
-                
-                
-                thePStrLength = theDstPStr[0];
-                
-                for (i = 0;;i++)
-                {
-                        if (theSrcCStr[i] == 0 || thePStrLength >= theMaxDstStrLength - 1)
-                        {
-                                theDstPStr[0] = thePStrLength;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theDstPStr[thePStrLength + 1] = theSrcCStr[i];
-                                
-                                thePStrLength++;
-                        }
-                }
-        }
-}
-
-
-
-void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength)
-{
-int             cStrLength;
-
-
-        if (theSrcCStr != nil && theDstCStr != nil && maxCStrLength > 0)
-        {
-                for (cStrLength = 0;theDstCStr[cStrLength] != 0;cStrLength++)
-                {
-                
-                }
-                
-
-                for (;;)
-                {
-                        if (*theSrcCStr == 0 || cStrLength >= maxCStrLength - 1)
-                        {
-                                theDstCStr[cStrLength++] = 0;
-                                
-                                break;
-                        }
-                        
-                        else
-                        {
-                                theDstCStr[cStrLength++] = *theSrcCStr++;
-                        }
-                }
-        }
-}
-
-
-
-void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength)
-{
-int             cStrLength;
-
-
-        if (theDstCStr != nil && maxCStrLength > 0)
-        {
-                cStrLength = CStrLength(theDstCStr);
-                
-                if (cStrLength < maxCStrLength - 1)
-                {
-                        theDstCStr[cStrLength++] = theChar;
-                        theDstCStr[cStrLength++] = '\0';
-                }
-        }
-}
-
-
-
-void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength)
-{
-int             pStrLength;
-
-
-        if (theDstPStr != nil && maxPStrLength > 0)
-        {
-                pStrLength = PStrLength(theDstPStr);
-                
-                if (pStrLength < maxPStrLength - 1 && pStrLength < 255)
-                {
-                        theDstPStr[pStrLength + 1] = theChar;
-                        theDstPStr[0] += 1;
-                }
-        }
-}
-
-
-
-
-int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase)
-{
-int             returnValue;
-char    firstChar,secondChar;
-
-        
-        returnValue = 0;
-        
-        
-        if (theFirstCStr != nil && theSecondCStr != nil)
-        {
-                for (;;)
-                {
-                        firstChar = *theFirstCStr;
-                        secondChar = *theSecondCStr;
-                        
-                        if (ignoreCase == true)
-                        {
-                                if (firstChar >= 'A' && firstChar <= 'Z')
-                                {
-                                        firstChar = 'a' + (firstChar - 'A');
-                                }
-                                
-                                if (secondChar >= 'A' && secondChar <= 'Z')
-                                {
-                                        secondChar = 'a' + (secondChar - 'A');
-                                }
-                        }
-                        
-                        
-                        if (firstChar == 0 && secondChar != 0)
-                        {
-                                returnValue = -1;
-                                
-                                break;
-                        }
-                        
-                        else if (firstChar != 0 && secondChar == 0)
-                        {
-                                returnValue = 1;
-                                
-                                break;
-                        }
-                        
-                        else if (firstChar == 0 && secondChar == 0)
-                        {
-                                returnValue = 0;
-                                
-                                break;
-                        }
-                        
-                        else if (firstChar < secondChar)
-                        {
-                                returnValue = -1;
-                                
-                                break;
-                        }
-                        
-                        else if (firstChar > secondChar)
-                        {
-                                returnValue = 1;
-                                
-                                break;
-                        }
-                        
-                        theFirstCStr++;
-                        theSecondCStr++;
-                }
-        }
-        
-        
-        return(returnValue);
-}
-
-
-
-Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase)
-{
-        if (CompareCStrs(theFirstCStr,theSecondCStr,ignoreCase) == 0)
-        {
-                return true;
-        }
-        
-        else
-        {
-                return false;
-        }
-}
-
-
-Boolean PStrsAreEqual(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase)
-{
-        if (ComparePStrs(theFirstPStr,theSecondPStr,ignoreCase) == 0)
-        {
-                return true;
-        }
-        
-        else
-        {
-                return false;
-        }
-}
-
-
-
-int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase)
-{
-int             i,returnValue;
-char    firstChar,secondChar;
-
-        
-        returnValue = 0;
-        
-        
-        if (theFirstPStr != nil && theSecondPStr != nil)
-        {
-                for (i = 1;;i++)
-                {
-                        firstChar = theFirstPStr[i];
-                        secondChar = theSecondPStr[i];
-
-                        if (ignoreCase == true)
-                        {
-                                if (firstChar >= 'A' && firstChar <= 'Z')
-                                {
-                                        firstChar = 'a' + (firstChar - 'A');
-                                }
-                                
-                                if (secondChar >= 'A' && secondChar <= 'Z')
-                                {
-                                        secondChar = 'a' + (secondChar - 'A');
-                                }
-                        }
-
-
-                        if (theFirstPStr[0] < i && theSecondPStr[0] >= i)
-                        {
-                                returnValue = -1;
-                                
-                                break;
-                        }
-                        
-                        else if (theFirstPStr[0] >= i && theSecondPStr[0] < i)
-                        {
-                                returnValue = 1;
-                                
-                                break;
-                        }
-                        
-                        else if (theFirstPStr[0] < i && theSecondPStr[0] < i)
-                        {
-                                returnValue = 0;
-                                
-                                break;
-                        }
-                        
-                        else if (firstChar < secondChar)
-                        {
-                                returnValue = -1;
-                                
-                                break;
-                        }
-                        
-                        else if (firstChar > secondChar)
-                        {
-                                returnValue = 1;
-                                
-                                break;
-                        }
-                }
-        }
-        
-        
-        return(returnValue);
-}
-
-
-
-int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase)
-{
-int             returnValue;
-char    tempString[256];
-
-        
-        returnValue = 0;
-        
-        if (theCStr != nil && thePStr != nil)
-        {
-                CopyPStrToCStr(thePStr,tempString,sizeof(tempString));
-                
-                returnValue = CompareCStrs(theCStr,tempString,ignoreCase);
-        }
-        
-        
-        return(returnValue);
-}
-
-
-
-void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits)
-{
-Str255          theStr255;
-
-
-        NumToString(theNum,theStr255);
-
-
-        if (numDigits > 0)
-        {
-        int     charsToInsert;
-        
-                
-                charsToInsert = numDigits - PStrLength(theStr255);
-                
-                if (charsToInsert > 0)
-                {
-                char    tempString[256];
-                        
-                        CopyCStrToCStr("",tempString,sizeof(tempString));
-                        
-                        for (;charsToInsert > 0;charsToInsert--)
-                        {
-                                ConcatCStrToCStr("0",tempString,sizeof(tempString));
-                        }
-                        
-                        ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
-                        
-                        CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
-                }
-        }
-
-
-        ConcatPStrToCStr(theStr255,theCStr,maxCStrLength);
-}
-
-
-
-
-void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits)
-{
-Str255          theStr255;
-
-
-        NumToString(theNum,theStr255);
-
-
-        if (numDigits > 0)
-        {
-        int     charsToInsert;
-        
-                
-                charsToInsert = numDigits - PStrLength(theStr255);
-                
-                if (charsToInsert > 0)
-                {
-                char    tempString[256];
-                        
-                        CopyCStrToCStr("",tempString,sizeof(tempString));
-                        
-                        for (;charsToInsert > 0;charsToInsert--)
-                        {
-                                ConcatCStrToCStr("0",tempString,sizeof(tempString));
-                        }
-                        
-                        ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
-                        
-                        CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
-                }
-        }
-
-
-        ConcatPStrToPStr(theStr255,thePStr,maxPStrLength);
-}
-
-
-
-void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
-{
-        CopyCStrToCStr(theSrcCStr,theDstCStr,maxDstStrLength);
-        
-        ConcatLongIntToCStr(theNum,theDstCStr,maxDstStrLength);
-}
-
-
-
-void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits)
-{
-Str255          theStr255;
-
-
-        NumToString(theNum,theStr255);
-
-
-        if (numDigits > 0)
-        {
-        int     charsToInsert;
-        
-                
-                charsToInsert = numDigits - PStrLength(theStr255);
-                
-                if (charsToInsert > 0)
-                {
-                char    tempString[256];
-                        
-                        CopyCStrToCStr("",tempString,sizeof(tempString));
-                        
-                        for (;charsToInsert > 0;charsToInsert--)
-                        {
-                                ConcatCStrToCStr("0",tempString,sizeof(tempString));
-                        }
-                        
-                        ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
-                        
-                        CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
-                }
-        }
-
-
-        CopyPStrToCStr(theStr255,theCStr,maxCStrLength);
-}
-
-
-
-
-
-void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength)
-{
-char                    tempString[256];
-int                             srcCharIndex,dstCharIndex;
-unsigned long   tempNum,quotient,remainder;
-
-        
-        if (theNum == 0)
-        {
-                CopyCStrToCStr("0",theCStr,maxCStrLength);
-        }
-        
-        else
-        {
-                srcCharIndex = 0;
-                
-                tempNum = theNum;
-                
-                for (;;)
-                {
-                        if (srcCharIndex >= sizeof(tempString) - 1 || tempNum == 0)
-                        {
-                                for (dstCharIndex = 0;;)
-                                {
-                                        if (dstCharIndex >= maxCStrLength - 1 || srcCharIndex <= 0)
-                                        {
-                                                theCStr[dstCharIndex] = 0;
-                                                
-                                                break;
-                                        }
-                                        
-                                        theCStr[dstCharIndex++] = tempString[--srcCharIndex];
-                                }
-                                
-                                break;
-                        }
-                        
-
-                        quotient = tempNum / 10;
-                        
-                        remainder = tempNum - (quotient * 10);
-                        
-                        tempString[srcCharIndex] = '0' + remainder;
-                        
-                        srcCharIndex++;
-                        
-                        tempNum = quotient;
-                }
-        }
-}
-
-
-
-
-void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits)
-{
-char    tempString[256];
-
-
-        CopyLongIntToCStr(theNum,tempString,sizeof(tempString),numDigits);
-        
-        CopyCStrToPStr(tempString,thePStr,maxPStrLength);
-}
-
-
-
-OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle)
-{
-OSErr           errCode = noErr;
-char            tempString[32];
-        
-        
-        CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
-        
-        errCode = CopyCStrToNewHandle(tempString,theHandle);
-
-        return(errCode);
-}
-
-
-OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle)
-{
-OSErr           errCode = noErr;
-char            tempString[32];
-        
-        
-        CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
-        
-        errCode = CopyCStrToExistingHandle(tempString,theHandle);
-
-        return(errCode);
-}
-
-
-
-
-OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle)
-{
-OSErr   errCode = noErr;
-long    stringLength;
-
-        
-        if (theCString == nil)
-        {
-                SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theCString == nil"));
-        }
-
-        if (theHandle == nil)
-        {
-                SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theHandle == nil"));
-        }
-
-        if (*theHandle == nil)
-        {
-                SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, *theHandle == nil"));
-        }
-
-
-
-        stringLength = CStrLength(theCString) + 1;
-        
-        SetHandleSize(theHandle,stringLength);
-        
-        if (GetHandleSize(theHandle) < stringLength)
-        {
-                SetErrorMessageAndLongIntAndBail("CopyCStrToExistingHandle: Can't set Handle size, MemError() = ",MemError());
-        }
-        
-        
-        ::BlockMove(theCString,*theHandle,stringLength);
-        
-
-EXITPOINT:
-        
-        return(errCode);
-}
-
-
-
-
-
-OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle)
-{
-OSErr   errCode = noErr;
-long    stringLength;
-
-        
-        if (theCString == nil)
-        {
-                SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theCString == nil"));
-        }
-
-        if (theHandle == nil)
-        {
-                SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theHandle == nil"));
-        }
-
-
-
-        stringLength = CStrLength(theCString) + 1;
-        
-        *theHandle = NewHandle(stringLength);
-        
-        if (*theHandle == nil)
-        {
-                SetErrorMessageAndLongIntAndBail("CopyCStrToNewHandle: Can't allocate Handle, MemError() = ",MemError());
-        }
-        
-        
-        ::BlockMove(theCString,**theHandle,stringLength);
-        
-
-EXITPOINT:
-        
-        return(errCode);
-}
-
-
-
-OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle)
-{
-OSErr   errCode = noErr;
-long    stringLength;
-
-        
-        if (thePString == nil)
-        {
-                SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, thePString == nil"));
-        }
-
-        if (theHandle == nil)
-        {
-                SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, theHandle == nil"));
-        }
-
-
-
-        stringLength = PStrLength(thePString) + 1;
-        
-        *theHandle = NewHandle(stringLength);
-        
-        if (*theHandle == nil)
-        {
-                SetErrorMessageAndLongIntAndBail("CopyPStrToNewHandle: Can't allocate Handle, MemError() = ",MemError());
-        }
-        
-        
-        if (stringLength > 1)
-        {
-                BlockMove(thePString + 1,**theHandle,stringLength - 1);
-        }
-        
-        (**theHandle)[stringLength - 1] = 0;
-        
-
-EXITPOINT:
-        
-        return(errCode);
-}
-
-
-OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength)
-{
-OSErr           errCode = noErr;
-char            tempString[256];
-
-        
-        CopyPStrToCStr(thePString,tempString,sizeof(tempString));
-        
-        errCode = AppendCStrToHandle(tempString,theHandle,currentLength);
-        
-
-EXITPOINT:
-        
-        return(errCode);
-}
-
-
-
-OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength,long *maxLength)
-{
-OSErr           errCode = noErr;
-long            handleMaxLength,handleCurrentLength,stringLength,byteCount;
-
-
-        if (theCString == nil)
-        {
-                SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theCString == nil"));
-        }
-
-        if (theHandle == nil)
-        {
-                SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theHandle == nil"));
-        }
-        
-        
-        if (maxLength != nil)
-        {
-                handleMaxLength = *maxLength;
-        }
-        
-        else
-        {
-                handleMaxLength = GetHandleSize(theHandle);
-        }
-        
-        
-        if (currentLength != nil && *currentLength >= 0)
-        {
-                handleCurrentLength = *currentLength;
-        }
-        
-        else
-        {
-                handleCurrentLength = CStrLength(*theHandle);
-        }
-        
-        
-        stringLength = CStrLength(theCString);
-        
-        byteCount = handleCurrentLength + stringLength + 1;
-        
-        if (byteCount > handleMaxLength)
-        {
-                SetHandleSize(theHandle,handleCurrentLength + stringLength + 1);
-                
-                if (maxLength != nil)
-                {
-                        *maxLength = GetHandleSize(theHandle);
-                        
-                        handleMaxLength = *maxLength;
-                }
-                
-                else
-                {
-                        handleMaxLength = GetHandleSize(theHandle);
-                }
-
-                if (byteCount > handleMaxLength)
-                {
-                        SetErrorMessageAndLongIntAndBail("AppendCStrToHandle: Can't increase Handle allocation, MemError() = ",MemError());
-                }
-        }
-        
-        
-        BlockMove(theCString,*theHandle + handleCurrentLength,stringLength + 1);
-        
-        
-        if (currentLength != nil)
-        {
-                *currentLength += stringLength;
-        }
-
-
-        errCode = noErr;
-        
-        
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength,long *maxLength)
-{
-OSErr           errCode = noErr;
-long            handleMaxLength,handleCurrentLength,byteCount;
-
-
-        if (theChars == nil)
-        {
-                SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theChars == nil"));
-        }
-
-        if (theHandle == nil)
-        {
-                SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theHandle == nil"));
-        }
-        
-        
-        if (maxLength != nil)
-        {
-                handleMaxLength = *maxLength;
-        }
-        
-        else
-        {
-                handleMaxLength = GetHandleSize(theHandle);
-        }
-        
-        
-        if (currentLength != nil && *currentLength >= 0)
-        {
-                handleCurrentLength = *currentLength;
-        }
-        
-        else
-        {
-                handleCurrentLength = CStrLength(*theHandle);
-        }
-        
-        
-        byteCount = handleCurrentLength + numChars + 1;
-        
-        if (byteCount > handleMaxLength)
-        {
-                SetHandleSize(theHandle,handleCurrentLength + numChars + 1);
-                
-                if (maxLength != nil)
-                {
-                        *maxLength = GetHandleSize(theHandle);
-                        
-                        handleMaxLength = *maxLength;
-                }
-                
-                else
-                {
-                        handleMaxLength = GetHandleSize(theHandle);
-                }
-
-                if (byteCount > handleMaxLength)
-                {
-                        SetErrorMessageAndLongIntAndBail("AppendCharsToHandle: Can't increase Handle allocation, MemError() = ",MemError());
-                }
-        }
-        
-        
-        BlockMove(theChars,*theHandle + handleCurrentLength,numChars);
-        
-        (*theHandle)[handleCurrentLength + numChars] = '\0';
-        
-        if (currentLength != nil)
-        {
-                *currentLength += numChars;
-        }
-
-
-        errCode = noErr;
-        
-        
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength)
-{
-OSErr           errCode = noErr;
-char            tempString[32];
-        
-        
-        CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
-        
-        errCode = AppendCStrToHandle(tempString,theHandle,currentLength);
-
-        return(errCode);
-}
-
-
-
-
-long CStrLength(const char *theCString)
-{
-long    cStrLength = 0;
-
-        
-        if (theCString != nil)
-        {
-                for (cStrLength = 0;theCString[cStrLength] != 0;cStrLength++)
-                {
-                
-                }
-        }
-        
-        
-        return(cStrLength);
-}
-
-
-
-long PStrLength(const unsigned char *thePString)
-{
-long    pStrLength = 0;
-
-        
-        if (thePString != nil)
-        {
-                pStrLength = thePString[0];
-        }
-        
-        
-        return(pStrLength);
-}
-
-
-
-
-
-void ZeroMem(void *theMemPtr,const unsigned long numBytes)
-{
-unsigned char   *theBytePtr;
-unsigned long   *theLongPtr;
-unsigned long   numSingleBytes;
-unsigned long   theNumBytes;
-
-        
-        theNumBytes = numBytes;
-        
-        if (theMemPtr != nil && theNumBytes > 0)
-        {
-                theBytePtr = (unsigned char     *) theMemPtr;
-                
-                numSingleBytes = (unsigned long) theBytePtr & 0x0003;
-                
-                while (numSingleBytes > 0)
-                {
-                        *theBytePtr++ = 0;
-                        
-                        theNumBytes--;
-                        numSingleBytes--;
-                }
-                
-
-                theLongPtr = (unsigned long     *) theBytePtr;
-                
-                while (theNumBytes >= 4)
-                {
-                        *theLongPtr++ = 0;
-                        
-                        theNumBytes -= 4;
-                }
-                
-                
-                theBytePtr = (unsigned char     *) theLongPtr;
-                
-                while (theNumBytes > 0)
-                {
-                        *theBytePtr++ = 0;
-                        
-                        theNumBytes--;
-                }
-        }
-}
-
-
-
-
-char *FindCharInCStr(const char theChar,const char *theCString)
-{
-char    *theStringSearchPtr;
-
-        
-        theStringSearchPtr = (char      *) theCString;
-        
-        if (theStringSearchPtr != nil)
-        {
-                while (*theStringSearchPtr != '\0' && *theStringSearchPtr != theChar)
-                {
-                        theStringSearchPtr++;
-                }
-                
-                if (*theStringSearchPtr == '\0')
-                {
-                        theStringSearchPtr = nil;
-                }
-        }
-        
-        return(theStringSearchPtr);
-}
-
-
-
-long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase)
-{
-long    theOffset = -1;
-
-
-        if (theCString != nil)
-        {
-                theOffset = 0;
-                
-
-                if (inIgnoreCase)
-                {
-                char    searchChar = theChar;
-                
-                        if (searchChar >= 'a' && searchChar <= 'z')
-                        {
-                                searchChar = searchChar - 'a' + 'A';
-                        }
-                        
-                        
-                        while (*theCString != 0)
-                        {
-                        char    currentChar = *theCString;
-                        
-                                if (currentChar >= 'a' && currentChar <= 'z')
-                                {
-                                        currentChar = currentChar - 'a' + 'A';
-                                }
-                        
-                                if (currentChar == searchChar)
-                                {
-                                        break;
-                                }
-                                
-                                theCString++;
-                                theOffset++;
-                        }
-                }
-                
-                else
-                {
-                        while (*theCString != 0 && *theCString != theChar)
-                        {
-                                theCString++;
-                                theOffset++;
-                        }
-                }
-                
-                if (*theCString == 0)
-                {
-                        theOffset = -1;
-                }
-        }
-        
-        return(theOffset);
-}
-
-
-long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase)
-{
-long    theOffset = -1;
-
-
-        if (theCSubstring != nil && theCString != nil)
-        {
-                for (theOffset = 0;;theOffset++)
-                {
-                        if (theCString[theOffset] == 0)
-                        {
-                                theOffset = -1;
-                                
-                                goto EXITPOINT;
-                        }
-                        
-                        
-                        for (const char *tempSubstringPtr = theCSubstring,*tempCStringPtr = theCString + theOffset;;tempSubstringPtr++,tempCStringPtr++)
-                        {
-                                if (*tempSubstringPtr == 0)
-                                {
-                                        goto EXITPOINT;
-                                }
-                                
-                                else if (*tempCStringPtr == 0)
-                                {
-                                        break;
-                                }
-                        
-                        char    searchChar = *tempSubstringPtr;
-                        char    currentChar = *tempCStringPtr;
-                        
-                                if (inIgnoreCase && searchChar >= 'a' && searchChar <= 'z')
-                                {
-                                        searchChar = searchChar - 'a' + 'A';
-                                }
-                                
-                                if (inIgnoreCase && currentChar >= 'a' && currentChar <= 'z')
-                                {
-                                        currentChar = currentChar - 'a' + 'A';
-                                }
-                                
-                                if (currentChar != searchChar)
-                                {
-                                        break;
-                                }
-                        }
-                }
-                
-                theOffset = -1;
-        }
-
-
-EXITPOINT:
-        
-        return(theOffset);
-}
-
-
-
-void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength)
-{
-int             currentLength;
-int             insertLength;
-int             numCharsToInsert;
-int             numCharsToShift;
-
-        
-        if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1)
-        {
-                currentLength = CStrLength(theDstCStr);
-                
-                insertLength = CStrLength(theSrcCStr);
-                
-
-                if (theInsertionOffset + insertLength < maxDstStrLength - 1)
-                {
-                        numCharsToInsert = insertLength;
-                }
-                
-                else
-                {
-                        numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset;
-                }
-                
-
-                if (numCharsToInsert + currentLength < maxDstStrLength - 1)
-                {
-                        numCharsToShift = currentLength - theInsertionOffset;
-                }
-                
-                else
-                {
-                        numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert;
-                }
-
-                
-                if (numCharsToShift > 0)
-                {
-                        BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift);
-                }
-                
-                if (numCharsToInsert > 0)
-                {
-                        BlockMove(theSrcCStr,theDstCStr + theInsertionOffset,numCharsToInsert);
-                }
-                
-                theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0;
-        }
-}
-
-
-
-void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength)
-{
-int             currentLength;
-int             insertLength;
-int             numCharsToInsert;
-int             numCharsToShift;
-
-        
-        if (theDstCStr != nil && theSrcPStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1)
-        {
-                currentLength = CStrLength(theDstCStr);
-                
-                insertLength = PStrLength(theSrcPStr);
-                
-
-                if (theInsertionOffset + insertLength < maxDstStrLength - 1)
-                {
-                        numCharsToInsert = insertLength;
-                }
-                
-                else
-                {
-                        numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset;
-                }
-                
-
-                if (numCharsToInsert + currentLength < maxDstStrLength - 1)
-                {
-                        numCharsToShift = currentLength - theInsertionOffset;
-                }
-                
-                else
-                {
-                        numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert;
-                }
-
-                
-                if (numCharsToShift > 0)
-                {
-                        BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift);
-                }
-                
-                if (numCharsToInsert > 0)
-                {
-                        BlockMove(theSrcPStr + 1,theDstCStr + theInsertionOffset,numCharsToInsert);
-                }
-                
-                theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0;
-        }
-}
-
-
-
-OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset)
-{
-OSErr   errCode;
-int             currentLength;
-int             insertLength;
-
-        
-        SetErrorMessageAndBailIfNil(theCString,"InsertCStrIntoHandle: Bad parameter, theCString == nil");
-
-        SetErrorMessageAndBailIfNil(theHandle,"InsertCStrIntoHandle: Bad parameter, theHandle == nil");
-        
-        currentLength = CStrLength(*theHandle);
-        
-        if (currentLength + 1 > ::GetHandleSize(theHandle))
-        {
-                SetErrorMessageAndBail("InsertCStrIntoHandle: Handle has been overflowed");
-        }
-        
-        if (inInsertOffset > currentLength)
-        {
-                SetErrorMessageAndBail("InsertCStrIntoHandle: Insertion offset is greater than string length");
-        }
-        
-        insertLength = CStrLength(theCString);
-        
-        ::SetHandleSize(theHandle,currentLength + 1 + insertLength);
-        
-        if (::GetHandleSize(theHandle) < currentLength + 1 + insertLength)
-        {
-                SetErrorMessageAndLongIntAndBail("InsertCStrIntoHandle: Can't expand storage for Handle, MemError() = ",MemError());
-        }
-        
-        ::BlockMove(*theHandle + inInsertOffset,*theHandle + inInsertOffset + insertLength,currentLength - inInsertOffset + 1);
-        
-        ::BlockMove(theCString,*theHandle + inInsertOffset,insertLength);
-
-
-        errCode = noErr;
-        
-        
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-
-void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
-{
-        CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,nil,theNum,theDstCStr,maxDstStrLength);
-}
-
-
-void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength)
-{
-const long      theLongInts[] = { long1,long2 };
-
-        CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength);
-}
-
-
-void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength)
-{
-const long      theLongInts[] = { long1,long2,long3 };
-
-        CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength);
-}
-
-
-void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength)
-{
-const char      *theCStrs[2] = { theInsertCStr,nil };
-
-        CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,nil,theDstCStr,maxDstStrLength);
-}
-
-
-
-void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
-{
-const char      *theCStrs[2] = { theInsertCStr,nil };
-const long      theLongInts[1] = { theNum };
-
-        CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,theLongInts,theDstCStr,maxDstStrLength);
-}
-
-
-
-void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength)
-{
-int                     dstCharIndex,srcCharIndex,theMaxDstStrLength;
-int                     theCStrIndex = 0;
-int                     theLongIntIndex = 0;
-
-        
-        theMaxDstStrLength = maxDstStrLength;
-        
-        if (theDstCStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
-        {
-                dstCharIndex = 0;
-                
-                srcCharIndex = 0;
-                
-                
-                //      Allow room for NULL at end of string
-                
-                theMaxDstStrLength--;
-                
-                
-                for (;;)
-                {
-                        //      Hit end of buffer?
-                        
-                        if (dstCharIndex >= theMaxDstStrLength)
-                        {
-                                theDstCStr[dstCharIndex++] = 0;
-                                
-                                goto EXITPOINT;
-                        }
-                        
-                        //      End of source string?
-                        
-                        else if (theSrcCStr[srcCharIndex] == 0)
-                        {
-                                theDstCStr[dstCharIndex++] = 0;
-                                
-                                goto EXITPOINT;
-                        }
-                        
-                        //      Did we find a '%s'?
-                        
-                        else if (theInsertCStrs != nil && theInsertCStrs[theCStrIndex] != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 's')
-                        {
-                                //      Skip over the '%s'
-                                
-                                srcCharIndex += 2;
-                                
-                                
-                                //      Terminate the dest string and then concat the string
-                                
-                                theDstCStr[dstCharIndex] = 0;
-                                
-                                ConcatCStrToCStr(theInsertCStrs[theCStrIndex],theDstCStr,theMaxDstStrLength);
-                                
-                                dstCharIndex = CStrLength(theDstCStr);
-                                
-                                theCStrIndex++;
-                        }
-                        
-                        //      Did we find a '%ld'?
-                        
-                        else if (theLongInts != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 'l' && theSrcCStr[srcCharIndex + 2] == 'd')
-                        {
-                                //      Skip over the '%ld'
-                                
-                                srcCharIndex += 3;
-                                
-                                
-                                //      Terminate the dest string and then concat the number
-                                
-                                theDstCStr[dstCharIndex] = 0;
-                                
-                                ConcatLongIntToCStr(theLongInts[theLongIntIndex],theDstCStr,theMaxDstStrLength);
-                                
-                                theLongIntIndex++;
-                                
-                                dstCharIndex = CStrLength(theDstCStr);
-                        }
-                        
-                        else
-                        {
-                                theDstCStr[dstCharIndex++] = theSrcCStr[srcCharIndex++];
-                        }
-                }
-        }
-
-
-
-EXITPOINT:
-
-        return;
-}
-
-
-
-
-
-OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle)
-{
-OSErr   errCode;
-long    byteCount;
-
-        
-        if (theHandle != nil)
-        {
-                byteCount = CStrLength(theSrcCStr) + CStrLength(theInsertCStr) + 32;
-                
-                *theHandle = NewHandle(byteCount);
-                
-                if (*theHandle == nil)
-                {
-                        SetErrorMessageAndLongIntAndBail("CopyCStrAndInsertCStrLongIntIntoHandle: Can't allocate Handle, MemError() = ",MemError());
-                }
-                
-                
-                HLock(*theHandle);
-                
-                CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,theInsertCStr,theNum,**theHandle,byteCount);
-                
-                HUnlock(*theHandle);
-        }
-        
-        errCode = noErr;
-        
-        
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-
-
-OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength)
-{
-OSErr           errCode;
-char            *srcCharPtr,*dstCharPtr;
-int                     wordCount;
-int                     byteCount;
-
-
-        if (theSrcCStr == nil)
-        {
-                SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theSrcCStr == nil"));
-        }
-        
-        if (theDstCStr == nil)
-        {
-                SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theDstCStr == nil"));
-        }
-        
-        if (whichWord < 0)
-        {
-                SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, whichWord < 0"));
-        }
-        
-        if (maxDstCStrLength <= 0)
-        {
-                SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, maxDstCStrLength <= 0"));
-        }
-
-        
-        *theDstCStr = '\0';
-        
-        srcCharPtr = theSrcCStr;
-
-        while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
-        {
-                srcCharPtr++;
-        }
-        
-
-        for (wordCount = 0;wordCount < whichWord;wordCount++)
-        {
-                while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0')
-                {
-                        srcCharPtr++;
-                }
-                
-                if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
-                {
-                        errCode = noErr;
-                        
-                        goto EXITPOINT;
-                }
-
-                while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
-                {
-                        srcCharPtr++;
-                }
-                
-                if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
-                {
-                        errCode = noErr;
-                        
-                        goto EXITPOINT;
-                }
-        }
-
-
-        dstCharPtr = theDstCStr;
-        byteCount = 0;
-        
-        
-        for(;;)
-        {
-                if (byteCount >= maxDstCStrLength - 1 || *srcCharPtr == '\0' || *srcCharPtr == ' ' || *srcCharPtr == '\t' || *srcCharPtr == '\r' || *srcCharPtr == '\n')
-                {
-                        *dstCharPtr = '\0';
-                        break;
-                }
-                
-                *dstCharPtr++ = *srcCharPtr++;
-                
-                byteCount++;
-        }
-
-
-        errCode = noErr;
-
-
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-
-
-OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle)
-{
-OSErr           errCode;
-char            *srcCharPtr;
-int                     wordCount;
-int                     byteCount;
-
-
-        if (theSrcCStr == nil)
-        {
-                SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, theSrcCStr == nil"));
-        }
-        
-        if (outTheHandle == nil)
-        {
-                SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, outTheHandle == nil"));
-        }
-        
-        if (whichWord < 0)
-        {
-                SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, whichWord < 0"));
-        }
-
-        
-        *outTheHandle = nil;
-        
-
-        srcCharPtr = theSrcCStr;
-
-        while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
-        {
-                srcCharPtr++;
-        }
-        
-
-        for (wordCount = 0;wordCount < whichWord;wordCount++)
-        {
-                while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0')
-                {
-                        srcCharPtr++;
-                }
-                
-                if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
-                {
-                        break;
-                }
-
-                while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
-                {
-                        srcCharPtr++;
-                }
-                
-                if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
-                {
-                        break;
-                }
-        }
-
-
-        for (byteCount = 0;;byteCount++)
-        {
-                if (srcCharPtr[byteCount] == ' ' || srcCharPtr[byteCount] == '\t' || srcCharPtr[byteCount] == '\r' || srcCharPtr[byteCount] == '\n' || srcCharPtr[byteCount] == '\0')
-                {
-                        break;
-                }
-        }
-
-        
-        *outTheHandle = NewHandle(byteCount + 1);
-        
-        if (*outTheHandle == nil)
-        {
-                SetErrorMessageAndLongIntAndBail("CopyIndexedWordToNewHandle: Can't allocate Handle, MemError() = ",MemError());
-        }
-        
-        
-        ::BlockMove(srcCharPtr,**outTheHandle,byteCount);
-        
-        (**outTheHandle)[byteCount] = '\0';
-
-        errCode = noErr;
-
-
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength)
-{
-OSErr           errCode;
-int                     theCurrentLine;
-int                     theCurrentLineOffset;
-int                     theEOSOffset;
-
-
-        if (theSrcCStr == nil)
-        {
-                SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theSrcCStr == nil"));
-        }
-        
-        if (theDstCStr == nil)
-        {
-                SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theDstCStr == nil"));
-        }
-        
-        if (inWhichLine < 0)
-        {
-                SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, inWhichLine < 0"));
-        }
-        
-        if (maxDstCStrLength <= 0)
-        {
-                SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, maxDstCStrLength <= 0"));
-        }
-        
-        
-        if (gotLastLine != nil)
-        {
-                *gotLastLine = false;
-        }
-
-        
-        *theDstCStr = 0;
-        
-        theCurrentLineOffset = 0;
-        
-        theCurrentLine = 0;
-        
-        
-        while (theCurrentLine < inWhichLine)
-        {
-                while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != 0)
-                {
-                        theCurrentLineOffset++;
-                }
-                
-                if (theSrcCStr[theCurrentLineOffset] == 0)
-                {
-                        break;
-                }
-                
-                theCurrentLineOffset++;
-                theCurrentLine++;
-        }
-                
-        if (theSrcCStr[theCurrentLineOffset] == 0)
-        {
-                SetErrorMessageAndLongIntAndBail("CopyIndexedLineToCStr: Too few lines in source text, can't get line ",inWhichLine);
-        }
-
-
-        theEOSOffset = FindCharOffsetInCStr('\r',theSrcCStr + theCurrentLineOffset);
-        
-        if (theEOSOffset >= 0)
-        {
-                CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength);
-                
-                if (gotLastLine != nil)
-                {
-                        *gotLastLine = false;
-                }
-        
-                if (lineEndIndex != nil)
-                {
-                        *lineEndIndex = theEOSOffset;
-                }
-        }
-        
-        else
-        {
-                theEOSOffset = CStrLength(theSrcCStr + theCurrentLineOffset);
-
-                CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength);
-                
-                if (gotLastLine != nil)
-                {
-                        *gotLastLine = true;
-                }
-        
-                if (lineEndIndex != nil)
-                {
-                        *lineEndIndex = theEOSOffset;
-                }
-        }
-        
-
-        errCode = noErr;
-
-
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle)
-{
-OSErr           errCode;
-int                     theCurrentLine;
-int                     theCurrentLineOffset;
-int                     byteCount;
-
-
-        SetErrorMessageAndBailIfNil(theSrcCStr,"CopyIndexedLineToNewHandle: Bad parameter, theSrcCStr == nil");
-        SetErrorMessageAndBailIfNil(outNewHandle,"CopyIndexedLineToNewHandle: Bad parameter, outNewHandle == nil");
-        
-        if (inWhichLine < 0)
-        {
-                SetErrorMessageAndBail(("CopyIndexedLineToNewHandle: Bad parameter, inWhichLine < 0"));
-        }
-        
-
-        theCurrentLineOffset = 0;
-        
-        theCurrentLine = 0;
-        
-        
-        while (theCurrentLine < inWhichLine)
-        {
-                while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != '\0')
-                {
-                        theCurrentLineOffset++;
-                }
-                
-                if (theSrcCStr[theCurrentLineOffset] == '\0')
-                {
-                        break;
-                }
-                
-                theCurrentLineOffset++;
-                theCurrentLine++;
-        }
-                
-        if (theSrcCStr[theCurrentLineOffset] == '\0')
-        {
-                SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Too few lines in source text, can't get line #",inWhichLine);
-        }
-
-        
-        byteCount = 0;
-        
-        while (theSrcCStr[theCurrentLineOffset + byteCount] != '\r' && theSrcCStr[theCurrentLineOffset + byteCount] != '\0')
-        {
-                byteCount++;
-        }
-                
-        
-        *outNewHandle = NewHandle(byteCount + 1);
-        
-        if (*outNewHandle == nil)
-        {
-                SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Can't allocate Handle, MemError() = ",MemError());
-        }
-        
-        ::BlockMove(theSrcCStr + theCurrentLineOffset,**outNewHandle,byteCount);
-        
-        (**outNewHandle)[byteCount] = '\0';
-
-        errCode = noErr;
-
-
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-
-OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits)
-{
-OSErr   errCode = noErr;
-int             numIntDigits = 0;
-int             numFractDigits = 0;
-int     digitIndex = 0;
-
-        
-        SetErrorMessageAndBailIfNil(inCStr,"CountDigits: Bad parameter, theSrcCStr == nil");
-        SetErrorMessageAndBailIfNil(outNumIntegerDigits,"CountDigits: Bad parameter, outNumIntegerDigits == nil");
-        SetErrorMessageAndBailIfNil(outNumFractDigits,"CountDigits: Bad parameter, outNumFractDigits == nil");
-        
-        digitIndex = 0;
-        
-        while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9')
-        {
-                digitIndex++;
-                numIntDigits++;
-        }
-        
-        if (inCStr[digitIndex] == '.')
-        {
-                digitIndex++;
-                
-                while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9')
-                {
-                        digitIndex++;
-                        numFractDigits++;
-                }
-        }
-        
-        *outNumIntegerDigits = numIntDigits;
-        
-        *outNumFractDigits = numFractDigits;
-        
-        errCode = noErr;
-        
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces)
-{
-OSErr           errCode;
-int                     theCharIndex;
-
-
-        if (theSrcCStr == nil)
-        {
-                SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr == nil"));
-        }
-        
-        if (outInt == nil)
-        {
-                SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, outInt == nil"));
-        }       
-
-        
-        *outInt = 0;
-        
-        theCharIndex = 0;
-        
-        if (skipLeadingSpaces == true)
-        {
-                while (theSrcCStr[theCharIndex] == ' ')
-                {
-                        theCharIndex++;
-                }
-        }
-        
-        if (theSrcCStr[theCharIndex] < '0' || theSrcCStr[theCharIndex] > '9')
-        {
-                SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr contains a bogus numeric representation"));
-        }
-
-
-        while (theSrcCStr[theCharIndex] >= '0' && theSrcCStr[theCharIndex] <= '9')
-        {
-                *outInt = (*outInt * 10) + (theSrcCStr[theCharIndex] - '0');
-                
-                theCharIndex++;
-        }
-        
-
-        errCode = noErr;
-
-
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces)
-{
-OSErr           errCode;
-char            theCStr[256];
-
-
-        if (theSrcPStr == nil)
-        {
-                SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, theSrcPStr == nil"));
-        }
-        
-        if (outInt == nil)
-        {
-                SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, outInt == nil"));
-        }
-        
-        
-        CopyPStrToCStr(theSrcPStr,theCStr,sizeof(theCStr));
-        
-        
-        errCode = ExtractIntFromCStr(theCStr,outInt,skipLeadingSpaces);
-
-
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr)
-{
-int             theSrcCharIndex;
-int             numOccurrences = -1;
-
-
-        if (inSrcCStr != nil && inChar != '\0')
-        {
-                numOccurrences = 0;
-                
-                for (theSrcCharIndex = 0;inSrcCStr[theSrcCharIndex] != '\0';theSrcCharIndex++)
-                {
-                        if (inSrcCStr[theSrcCharIndex] == inChar)
-                        {
-                                numOccurrences++;
-                        }
-                }
-        }
-        
-        return(numOccurrences);
-}
-
-
-int CountWordsInCStr(const char *inSrcCStr)
-{
-int             numWords = -1;
-
-
-        if (inSrcCStr != nil)
-        {
-                numWords = 0;
-                
-                //      Skip lead spaces
-                
-                while (*inSrcCStr == ' ')
-                {
-                        inSrcCStr++;
-                }
-
-                while (*inSrcCStr != '\0')
-                {
-                        numWords++;
-
-                        while (*inSrcCStr != ' ' && *inSrcCStr != '\0')
-                        {
-                                inSrcCStr++;
-                        }
-                        
-                        while (*inSrcCStr == ' ')
-                        {
-                                inSrcCStr++;
-                        }
-                }
-        }
-        
-        return(numWords);
-}
-
-
-
-
-void ConvertCStrToUpperCase(char *theSrcCStr)
-{
-char            *theCharPtr;
-
-
-        if (theSrcCStr != nil)
-        {
-                theCharPtr = theSrcCStr;
-                
-                while (*theCharPtr != 0)
-                {
-                        if (*theCharPtr >= 'a' && *theCharPtr <= 'z')
-                        {
-                                *theCharPtr = *theCharPtr - 'a' + 'A';
-                        }
-                        
-                        theCharPtr++;
-                }
-        }
-}
-
-
-
-
-
-
-
-void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim)
-{
-int             theItem;
-int             theSrcCharIndex;
-int             theDstCharIndex;
-
-
-        if (foundItem != nil)
-        {
-                *foundItem = false;
-        }
-        
-        
-        if (outDstCharPtr != nil && inDstCharPtrMaxLength > 0 && inItemNumber >= 0 && inItemDelimiter != 0)
-        {
-                *outDstCharPtr = 0;
-                
-
-                theSrcCharIndex = 0;
-                
-                for (theItem = 0;theItem < inItemNumber;theItem++)
-                {
-                        while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0')
-                        {
-                                theSrcCharIndex++;
-                        }
-                        
-                        if (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
-                        {
-                                theSrcCharIndex++;
-                                
-                                if (inTreatMultipleDelimsAsSingleDelim)
-                                {
-                                        while (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
-                                        {
-                                                theSrcCharIndex++;
-                                        }
-                                }
-                        }
-                        
-                        
-                        if (inSrcCStr[theSrcCharIndex] == '\0')
-                        {
-                                goto EXITPOINT;
-                        }
-                }
-                
-
-                if (foundItem != nil)
-                {
-                        *foundItem = true;
-                }
-                
-                
-                theDstCharIndex = 0;
-                
-                for (;;)
-                {
-                        if (inSrcCStr[theSrcCharIndex] == 0 || inSrcCStr[theSrcCharIndex] == inItemDelimiter || theDstCharIndex >= inDstCharPtrMaxLength - 1)
-                        {
-                                outDstCharPtr[theDstCharIndex] = 0;
-                                
-                                break;
-                        }
-                        
-                        outDstCharPtr[theDstCharIndex++] = inSrcCStr[theSrcCharIndex++];
-                }
-        }
-        
-        
-EXITPOINT:
-
-        return;
-}
-
-
-
-OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim)
-{
-OSErr   errCode;
-int             theItem;
-int             theSrcCharIndex;
-int             theItemLength;
-
-
-        if (inSrcCStr == nil)
-        {
-                SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inSrcCStr == nil");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        if (outNewHandle == nil)
-        {
-                SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, outNewHandle == nil");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        if (foundItem == nil)
-        {
-                SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, foundItem == nil");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        if (inItemNumber < 0)
-        {
-                SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemNumber < 0");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        if (inItemDelimiter == 0)
-        {
-                SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemDelimiter == 0");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-
-
-        *foundItem = false;
-        
-        theSrcCharIndex = 0;
-        
-        for (theItem = 0;theItem < inItemNumber;theItem++)
-        {
-                while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0')
-                {
-                        theSrcCharIndex++;
-                }
-                
-                if (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
-                {
-                        theSrcCharIndex++;
-                        
-                        if (inTreatMultipleDelimsAsSingleDelim)
-                        {
-                                while (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
-                                {
-                                        theSrcCharIndex++;
-                                }
-                        }
-                }
-                
-                
-                if (inSrcCStr[theSrcCharIndex] == '\0')
-                {
-                        errCode = noErr;
-                        
-                        goto EXITPOINT;
-                }
-        }
-        
-
-        *foundItem = true;
-        
-        
-        for (theItemLength = 0;;theItemLength++)
-        {
-                if (inSrcCStr[theSrcCharIndex + theItemLength] == 0 || inSrcCStr[theSrcCharIndex + theItemLength] == inItemDelimiter)
-                {
-                        break;
-                }
-        }
-        
-
-        *outNewHandle = NewHandle(theItemLength + 1);
-        
-        if (*outNewHandle == nil)
-        {
-                SetErrorMessageAndLongIntAndBail("ExtractCStrItemFromCStrIntoNewHandle: Can't allocate Handle, MemError() = ",MemError());
-        }
-        
-        
-        BlockMove(inSrcCStr + theSrcCharIndex,**outNewHandle,theItemLength);
-        
-        (**outNewHandle)[theItemLength] = 0;
-        
-        errCode = noErr;
-        
-        
-EXITPOINT:
-
-        return(errCode);
-}
-
-
-
-
-
-
-OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat)
-{
-OSErr                           errCode;
-Str255                          theStr255;
-Handle                          theNumberPartsTableHandle = nil;
-long                            theNumberPartsOffset,theNumberPartsLength;
-FormatResultType        theFormatResultType;
-NumberParts                     theNumberPartsTable;
-NumFormatStringRec      theNumFormatStringRec;
-
-
-        if (inCString == nil)
-        {
-                SetErrorMessage("ExtractFloatFromCStr: Bad parameter, inCString == nil");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-
-        if (outFloat == nil)
-        {
-                SetErrorMessage("ExtractFloatFromCStr: Bad parameter, outFloat == nil");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        
-//      GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
-
-        GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);  
-        
-        if (theNumberPartsTableHandle == nil)
-        {
-                SetErrorMessage("ExtractFloatFromCStr: Can't get number parts table for converting string representations to/from numeric representations");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        if (theNumberPartsLength > sizeof(theNumberPartsTable))
-        {
-                SetErrorMessage("ExtractFloatFromCStr: Number parts table has bad length");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-
-        BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength);
-        
-        
-        theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec);
-        
-        if (theFormatResultType != fFormatOK)
-        {
-                SetErrorMessage("ExtractFloatFromCStr: StringToFormatRec() != fFormatOK");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-
-        
-        CopyCStrToPStr(inCString,theStr255,sizeof(theStr255));
-
-
-        theFormatResultType = (FormatResultType) StringToExtended(theStr255,&theNumFormatStringRec,&theNumberPartsTable,outFloat);
-        
-        if (theFormatResultType != fFormatOK && theFormatResultType != fBestGuess)
-        {
-                SetErrorMessageAndLongIntAndBail("ExtractFloatFromCStr: StringToExtended() = ",theFormatResultType);
-        }
-
-        
-        errCode = noErr;
-        
-
-EXITPOINT:
-        
-        return(errCode);
-}
-
-
-
-OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits,const int inMaxNumFractDigits)
-{
-OSErr                           errCode;
-Str255                          theStr255;
-Handle                          theNumberPartsTableHandle = nil;
-long                            theNumberPartsOffset,theNumberPartsLength;
-FormatResultType        theFormatResultType;
-NumberParts                     theNumberPartsTable;
-NumFormatStringRec      theNumFormatStringRec;
-
-
-        if (theCStr == nil)
-        {
-                SetErrorMessage("CopyFloatToCStr: Bad parameter, theCStr == nil");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-
-        if (theFloat == nil)
-        {
-                SetErrorMessage("CopyFloatToCStr: Bad parameter, theFloat == nil");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-
-//      GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
-
-        GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);  
-        
-        if (theNumberPartsTableHandle == nil)
-        {
-                SetErrorMessage("CopyFloatToCStr: Can't get number parts table for converting string representations to/from numeric representations");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        if (theNumberPartsLength > sizeof(theNumberPartsTable))
-        {
-                SetErrorMessage("CopyFloatToCStr: Number parts table has bad length");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-        
-        
-        BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength);
-        
-        
-        if (inMaxNumIntDigits >= 0 || inMaxNumFractDigits >= 0)
-        {
-        char    numberFormat[64];
-        int             numberFormatLength = 0;
-        
-                for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
-                {
-                        numberFormat[numberFormatLength++] = '0';
-                }
-                
-                if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1)
-                {
-                        numberFormat[numberFormatLength++] = '.';
-                        
-                        for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
-                        {
-                                numberFormat[numberFormatLength++] = '0';
-                        }
-                }
-
-                
-                if (numberFormatLength < sizeof(numberFormat) - 1)
-                {
-                        numberFormat[numberFormatLength++] = ';';
-                }
-                
-                if (numberFormatLength < sizeof(numberFormat) - 1)
-                {
-                        numberFormat[numberFormatLength++] = '-';
-                }
-                
-
-                for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
-                {
-                        numberFormat[numberFormatLength++] = '0';
-                }
-                
-                if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1)
-                {
-                        numberFormat[numberFormatLength++] = '.';
-                        
-                        for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
-                        {
-                                numberFormat[numberFormatLength++] = '0';
-                        }
-                }
-                
-                numberFormat[numberFormatLength] = '\0';
-
-
-        Str255  tempStr255;
-        
-                CopyCStrToPStr(numberFormat,tempStr255,sizeof(tempStr255));
-                
-                theFormatResultType = (FormatResultType) StringToFormatRec(tempStr255,&theNumberPartsTable,&theNumFormatStringRec);
-        }
-        
-        else
-        {
-                theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec);
-        }
-        
-        if (theFormatResultType != fFormatOK)
-        {
-                SetErrorMessage("CopyFloatToCStr: StringToFormatRec() != fFormatOK");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-
-
-        theFormatResultType = (FormatResultType) ExtendedToString(theFloat,&theNumFormatStringRec,&theNumberPartsTable,theStr255);
-        
-        if (theFormatResultType != fFormatOK)
-        {
-                SetErrorMessage("CopyFloatToCStr: ExtendedToString() != fFormatOK");
-                errCode = kGenericError;
-                goto EXITPOINT;
-        }
-
-        
-        CopyPStrToCStr(theStr255,theCStr,maxCStrLength);
-        
-        errCode = noErr;
-        
-
-EXITPOINT:
-        
-        return(errCode);
-}
-
-
-
-
-
-void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL)
-{
-        if (ioSrcCharPtr != nil && *ioSrcCharPtr != nil)
-        {
-                if (inStopAtEOL)
-                {
-                        while ((**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t') && **ioSrcCharPtr != '\r' && **ioSrcCharPtr != '\n')
-                        {
-                                *ioSrcCharPtr++;
-                        }
-                }
-                
-                else
-                {
-                        while (**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t')
-                        {
-                                *ioSrcCharPtr++;
-                        }
-                }
-        }
-}
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp
deleted file mode 100644
index 5045c41019..0000000000
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/CPStringUtils.hpp
+++ /dev/null
@@ -1,104 +0,0 @@
-#pragma once
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
-void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
-void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
-void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
-void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
-
-void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
-void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
-
-int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
-int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
-int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
-
-Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
-Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
-
-void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
-void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
-void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
-void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
-
-void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
-void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
-
-long CStrLength(const char *theCString);
-long PStrLength(const unsigned char *thePString);
-
-OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
-OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
-
-OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
-OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
-OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
-
-OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
-OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
-OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
-OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
-
-void ZeroMem(void *theMemPtr,const unsigned long numBytes);
-
-char *FindCharInCStr(const char theChar,const char *theCString);
-long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
-long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
-
-void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
-void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
-
-void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
-void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
-OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
-
-void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
-
-void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
-
-void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
-void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
-void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
-
-void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
-OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
-
-
-OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
-OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
-
-OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
-OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
-
-OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
-OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
-
-
-void ConvertCStrToUpperCase(char *theSrcCStr);
-
-
-int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
-int CountWordsInCStr(const char *inSrcCStr);
-
-OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
-
-void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
-OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
-
-
-OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
-OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
-
-void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
-
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp
deleted file mode 100644
index 80b6a675f4..0000000000
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.cpp
+++ /dev/null
@@ -1,170 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
- 
- 
- 
- #include "ErrorHandling.hpp"
-#include "CPStringUtils.hpp"
-
-#ifdef __EXCEPTIONS_ENABLED__
-        #include "CMyException.hpp"
-#endif
-
-
-static char                                     gErrorMessageBuffer[512];
-
-char                                            *gErrorMessage = gErrorMessageBuffer;
-int                                                     gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
-
-
-
-void SetErrorMessage(const char *theErrorMessage)
-{
-        if (theErrorMessage != nil)
-        {
-                CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
-        }
-}
-
-
-void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
-{
-        if (theErrorMessage != nil)
-        {
-                CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
-        }
-}
-
-void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
-{
-        if (theErrorMessage != nil)
-        {
-                CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
-        }
-
-}
-
-void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
-{
-        if (theErrorMessage != nil)
-        {
-                CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
-        }
-}
-
-
-void AppendCStrToErrorMessage(const char *theErrorMessage)
-{
-        if (theErrorMessage != nil)
-        {
-                ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
-        }
-}
-
-
-void AppendLongIntToErrorMessage(const long theLongInt)
-{
-        ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
-}
-
-
-
-char *GetErrorMessage(void)
-{
-        return gErrorMessage;
-}
-
-
-OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
-{
-OSErr           errCode;
-
-
-        errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
-        
-        return(errCode);
-}
-
-
-OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
-{
-OSErr           errCode;
-
-
-        errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
-        
-        return(errCode);
-}
-
-
-
-OSErr AppendErrorMessageToHandle(Handle inoutHandle)
-{
-OSErr           errCode;
-
-
-        errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
-        
-        return(errCode);
-}
-
-
-#ifdef __EXCEPTIONS_ENABLED__
-
-void ThrowErrorMessageException(void)
-{
-        ThrowDescriptiveException(gErrorMessage);
-}
-
-#endif
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp
deleted file mode 100644
index fbfbe786b7..0000000000
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/ErrorHandling.hpp
+++ /dev/null
@@ -1,147 +0,0 @@
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef kGenericError
-        #define kGenericError           -1
-#endif
-
-extern char     *gErrorMessage;
-
-
-void SetErrorMessage(const char *theErrorMessage);
-void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
-void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
-void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
-void AppendCStrToErrorMessage(const char *theErrorMessage);
-void AppendLongIntToErrorMessage(const long theLongInt);
-
-
-char *GetErrorMessage(void);
-OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
-OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
-OSErr AppendErrorMessageToHandle(Handle inoutHandle);
-
-
-#ifdef __EXCEPTIONS_ENABLED__
-        void ThrowErrorMessageException(void);
-#endif
-
-
-
-//      A bunch of evil macros that would be unnecessary if I were always using C++ !
-
-#define SetErrorMessageAndBailIfNil(theArg,theMessage)                                                          \
-{                                                                                                                                                                       \
-        if (theArg == nil)                                                                                                                              \
-        {                                                                                                                                                               \
-                SetErrorMessage(theMessage);                                                                                            \
-                errCode = kGenericError;                                                                                                        \
-                goto EXITPOINT;                                                                                                                         \
-        }                                                                                                                                                               \
-}
-
-
-#define SetErrorMessageAndBail(theMessage)                                                                                      \
-{                                                                                                                                                                       \
-                SetErrorMessage(theMessage);                                                                                            \
-                errCode = kGenericError;                                                                                                        \
-                goto EXITPOINT;                                                                                                                         \
-}
-
-
-#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt)                                         \
-{                                                                                                                                                                       \
-                SetErrorMessageAndAppendLongInt(theMessage,theLongInt);                                         \
-                errCode = kGenericError;                                                                                                        \
-                goto EXITPOINT;                                                                                                                         \
-}
-
-
-#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt)       \
-{                                                                                                                                                                       \
-        if (theErrCode != noErr)                                                                                                                \
-        {                                                                                                                                                               \
-                SetErrorMessageAndAppendLongInt(theMessage,theLongInt);                                         \
-                errCode = theErrCode;                                                                                                           \
-                goto EXITPOINT;                                                                                                                         \
-        }                                                                                                                                                               \
-}
-
-
-#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt)      \
-{                                                                                                                                                                       \
-        if (theErrCode != noErr)                                                                                                                \
-        {                                                                                                                                                               \
-                SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt);                        \
-                errCode = theErrCode;                                                                                                           \
-                goto EXITPOINT;                                                                                                                         \
-        }                                                                                                                                                               \
-}
-
-
-#define SetErrorMessageAndCStrAndBail(theMessage,theCStr)                                                       \
-{                                                                                                                                                                       \
-        SetErrorMessageAndCStr(theMessage,theCStr);                                                                             \
-        errCode = kGenericError;                                                                                                                \
-        goto EXITPOINT;                                                                                                                                 \
-}
-
-
-#define SetErrorMessageAndBailIfError(theErrCode,theMessage)                                            \
-{                                                                                                                                                                       \
-        if (theErrCode != noErr)                                                                                                                \
-        {                                                                                                                                                               \
-                SetErrorMessage(theMessage);                                                                                            \
-                errCode = theErrCode;                                                                                                           \
-                goto EXITPOINT;                                                                                                                         \
-        }                                                                                                                                                               \
-}
-
-
-#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt)                     \
-{                                                                                                                                                                       \
-        if (theArg == nil)                                                                                                                              \
-        {                                                                                                                                                               \
-                SetErrorMessageAndAppendLongInt(theMessage,theLongInt);                                         \
-                errCode = kGenericError;                                                                                                        \
-                goto EXITPOINT;                                                                                                                         \
-        }                                                                                                                                                               \
-}
-
-
-#define BailIfError(theErrCode)                                                                                                         \
-{                                                                                                                                                                       \
-        if ((theErrCode) != noErr)                                                                                                              \
-        {                                                                                                                                                               \
-                goto EXITPOINT;                                                                                                                         \
-        }                                                                                                                                                               \
-}
-
-
-#define SetErrCodeAndBail(theErrCode)                                                                                           \
-{                                                                                                                                                                       \
-        errCode = theErrCode;                                                                                                                   \
-                                                                                                                                                                        \
-        goto EXITPOINT;                                                                                                                                 \
-}
-
-
-#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage)                                            \
-{                                                                                                                                                                       \
-        SetErrorMessage(theMessage);                                                                                                    \
-        errCode = theErrCode;                                                                                                                   \
-        goto EXITPOINT;                                                                                                                                 \
-}
-
-
-#define BailNow()                                                                                                                                       \
-{                                                                                                                                                                       \
-        errCode = kGenericError;                                                                                                                \
-        goto EXITPOINT;                                                                                                                                 \
-}
-
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp
deleted file mode 100644
index 3a5e3f0186..0000000000
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/GetHTTPS.cpp
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- *      An demo illustrating how to retrieve a URI from a secure HTTP server.
- *
- *      Author:         Roy Wood
- *      Date:           September 7, 1999
- *      Comments:       This relies heavily on my MacSockets library.
- *                              This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
- *                              to live in a folder called "OpenSSL-0.9.4" in this project's parent folder.  For example:
- *
- *                                      Macintosh HD:
- *                                              Development:
- *                                                      OpenSSL-0.9.4:
- *                                                              (OpenSSL sources here)
- *                                                      OpenSSL Example:
- *                                                              (OpenSSL example junk here)
- *
- *
- *                              Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl" 
- *                              are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
- */
-/* modified to seed the PRNG */
-/* modified to use CRandomizer for seeding */
-
-
-//      Include some funky libs I've developed over time
-
-#include "CPStringUtils.hpp"
-#include "ErrorHandling.hpp"
-#include "MacSocket.h"
-#include "Randomizer.h"
-
-//      We use the OpenSSL implementation of SSL....
-//      This was a lot of work to finally get going, though you wouldn't know it by the results!
-
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-#include <timer.h>
-
-//      Let's try grabbing some data from here:
-
-#define kHTTPS_DNS              "www.apache-ssl.org"
-#define kHTTPS_Port             443
-#define kHTTPS_URI              "/"
-
-
-//      Forward-declare this
-
-OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
-
-//      My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.
-
-OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
-{
-#pragma unused(inUserRefPtr)
-
-EventRecord             theEvent;
-        ::EventAvail(everyEvent,&theEvent);
-        
-        CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
-        if (randomizer)
-                randomizer->PeriodicAction();
-
-        return(noErr);
-}
-
-
-//      Finally!
-
-void main(void)
-{
-        OSErr                           errCode;
-        int                                     theSocket = -1;
-        int                                     theTimeout = 30;
-
-        SSL_CTX                         *ssl_ctx = nil;
-        SSL                                     *ssl = nil;
-
-        char                            tempString[256];
-        UnsignedWide            microTickCount;
-
-
-        CRandomizer randomizer;
-        
-        printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
-        
-        BailIfError(errCode = MacSocket_Startup());
-
-
-
-        //      Create a socket-like object
-        
-        BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
-
-        
-        //      Set up the connect string and try to connect
-        
-        CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
-        
-        printf("Connecting to %s....\n",tempString);
-
-        BailIfError(errCode = MacSocket_connect(theSocket,tempString));
-        
-        
-        //      Init SSL stuff
-        
-        SSL_load_error_strings();
-        
-        SSLeay_add_ssl_algorithms();
-        
-        
-        //      Pick the SSL method
-        
-//      ssl_ctx = SSL_CTX_new(SSLv2_client_method());
-        ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-//      ssl_ctx = SSL_CTX_new(SSLv3_client_method());
-                        
-
-        //      Create an SSL thingey and try to negotiate the connection
-        
-        ssl = SSL_new(ssl_ctx);
-        
-        SSL_set_fd(ssl,theSocket);
-        
-        errCode = SSL_connect(ssl);
-        
-        if (errCode < 0)
-        {
-                SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
-        }
-        
-        //      Request the URI from the host
-        
-        CopyCStrToCStr("GET ",tempString,sizeof(tempString));
-        ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
-        ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
-
-        
-        errCode = SSL_write(ssl,tempString,CStrLength(tempString));
-        
-        if (errCode < 0)
-        {
-                SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
-        }
-        
-
-        for (;;)
-        {
-        char    tempString[256];
-        int             bytesRead;
-                
-
-                //      Read some bytes and dump them to the console
-                
-                bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
-                
-                if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
-                {
-                        break;
-                }
-                
-                else if (bytesRead < 0)
-                {
-                        SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
-                }
-                
-                
-                tempString[bytesRead] = '\0';
-                
-                printf("%s", tempString);
-        }
-        
-        printf("\n\n\n");
-        
-        //      All done!
-        
-        errCode = noErr;
-        
-        
-EXITPOINT:
-
-        //      Clean up and go home
-        
-        if (theSocket >= 0)
-        {
-                MacSocket_close(theSocket);
-        }
-        
-        if (ssl != nil)
-        {
-                SSL_free(ssl);
-        }
-        
-        if (ssl_ctx != nil)
-        {
-                SSL_CTX_free(ssl_ctx);
-        }
-        
-        
-        if (errCode != noErr)
-        {
-                printf("An error occurred:\n");
-                
-                printf("%s",GetErrorMessage());
-        }
-        
-        
-        MacSocket_Shutdown();
-}
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp b/src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp
deleted file mode 100644
index c95d804d5d..0000000000
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.cpp
+++ /dev/null
@@ -1,1607 +0,0 @@
-/*
- *      A simple socket-like package.  
- *      This could undoubtedly be improved, since it does polling and busy-waiting.  
- *      At least it uses asynch I/O and implements timeouts!
- *
- *      Other funkiness includes the use of my own (possibly brain-damaged) error-handling infrastructure.
- *
- *      -Roy Wood (roy@centricsystems.ca)
- *
- */
-
-
-/* ====================================================================
- * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
- 
-
-
-
-
-#include "MacSocket.h"
-
-#include <Threads.h>
-
-#include <OpenTransport.h>
-#include <OpenTpTInternet.h>
-#include <OpenTptClient.h>
-
-
-
-#include "CPStringUtils.hpp"
-#include "ErrorHandling.hpp"
-
-
-//      #define MACSOCKET_DEBUG         1
-
-#ifdef MACSOCKET_DEBUG
-        #include <stdio.h>
-#endif
-
-
-
-extern int errno;
-
-
-#define kMaxNumSockets                  4
-
-
-struct SocketStruct
-{
-        Boolean                                         mIsInUse;
-
-        Boolean                                         mEndpointIsBound;
-
-        Boolean                                         mLocalEndIsConnected;
-        Boolean                                         mRemoteEndIsConnected;
-
-        Boolean                                         mReceivedTOpenComplete;
-        Boolean                                         mReceivedTBindComplete;
-        Boolean                                         mReceivedTConnect;
-        Boolean                                         mReceivedTListen;
-        Boolean                                         mReceivedTPassCon;
-        Boolean                                         mReceivedTDisconnect;
-        Boolean                                         mReceivedTOrdRel;
-        Boolean                                         mReceivedTDisconnectComplete;
-        
-        long                                            mTimeoutTicks;
-        long                                            mOperationStartTicks;
-        
-        MacSocket_IdleWaitCallback      mIdleWaitCallback;
-        void                                            *mUserRefPtr;
-        
-        OTEventCode                                     mExpectedCode;
-        OTResult                                        mAsyncOperationResult;
-        
-        EndpointRef                                     mEndPointRef;
-        TBind                                           *mBindRequestedAddrInfo;
-        TBind                                           *mAssignedAddrInfo;
-        TCall                                           *mRemoteAddrInfo;
-        
-        Boolean                                         mReadyToReadData;
-        Boolean                                         mReadyToWriteData;
-        
-        Ptr                                                     mReadBuffer;
-        Ptr                                                     mWriteBuffer;
-        
-        int                                                     mLastError;
-        char                                            mErrMessage[256];
-};
-
-typedef struct SocketStruct     SocketStruct;
-
-
-static SocketStruct                     sSockets[kMaxNumSockets];
-static Boolean                          sSocketsSetup = false;
-
-
-
-
-static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag);
-
-static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie);
-
-static Boolean  SocketIndexIsValid(const int inSocketNum);
-
-static void InitSocket(SocketStruct *ioSocket);
-
-static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode);
-
-static Boolean TimeoutElapsed(const SocketStruct *inSocket);
-
-static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP);
-
-
-
-void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength)
-{
-        if (outSocketErrCode != nil)
-        {
-                *outSocketErrCode = -1;
-        }
-        
-        if (outSocketErrString != nil)
-        {
-                CopyCStrToCStr("",outSocketErrString,inSocketErrStringMaxLength);
-        }
-        
-        
-        if (SocketIndexIsValid(inSocketNum))
-        {
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-        
-                
-                if (outSocketErrCode != nil)
-                {
-                        *outSocketErrCode = theSocketStruct->mLastError;
-                }
-
-                if (outSocketErrString != nil)
-                {
-                        CopyCStrToCStr(theSocketStruct->mErrMessage,outSocketErrString,inSocketErrStringMaxLength);
-                }
-        }
-}
-
-
-void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr)
-{
-        if (SocketIndexIsValid(inSocketNum))
-        {
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-
-                theSocketStruct->mUserRefPtr = inNewRefPtr;
-        }
-}
-
-
-
-void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength)
-{
-        if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum))
-        {
-        char                    tempString[256];
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-        
-                
-                CopyCStrToCStr("",tempString,sizeof(tempString));
-
-                if (theSocketStruct->mAssignedAddrInfo != nil)
-                {
-                InetAddress             *theInetAddress = (InetAddress *) theSocketStruct->mAssignedAddrInfo->addr.buf;
-                InetHost                theInetHost = theInetAddress->fHost;
-                        
-                        if (theInetHost == 0)
-                        {
-                        InetInterfaceInfo       theInetInterfaceInfo;
-                                
-                                if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr)
-                                {
-                                        theInetHost = theInetInterfaceInfo.fAddress;
-                                }
-                        }
-                
-                        ::OTInetHostToString(theInetHost,tempString);
-                        
-                        ConcatCStrToCStr(":",tempString,sizeof(tempString));
-                        ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString));
-                }
-                
-                CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength);
-        }
-}
-
-
-
-void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength)
-{
-        if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum))
-        {
-        char                    tempString[256];
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-        
-                
-                CopyCStrToCStr("",tempString,sizeof(tempString));
-
-                if (theSocketStruct->mRemoteAddrInfo != nil)
-                {
-                InetAddress             *theInetAddress = (InetAddress *) theSocketStruct->mRemoteAddrInfo->addr.buf;
-                InetHost                theInetHost = theInetAddress->fHost;
-                        
-                        if (theInetHost == 0)
-                        {
-                        InetInterfaceInfo       theInetInterfaceInfo;
-                                
-                                if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr)
-                                {
-                                        theInetHost = theInetInterfaceInfo.fAddress;
-                                }
-                        }
-                
-                        ::OTInetHostToString(theInetHost,tempString);
-                        
-                        ConcatCStrToCStr(":",tempString,sizeof(tempString));
-                        ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString));
-                }
-                
-                CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength);
-        }
-}
-
-
-
-Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum)
-{
-Boolean         theResult = false;
-
-        if (SocketIndexIsValid(inSocketNum))
-        {
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-
-                theResult = theSocketStruct->mReceivedTOrdRel;
-        }
-
-        return(theResult);
-}
-
-
-
-Boolean MacSocket_ListenCompleted(const int inSocketNum)
-{
-Boolean         theResult = false;
-
-        if (SocketIndexIsValid(inSocketNum))
-        {
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-
-                theResult = theSocketStruct->mReceivedTPassCon;
-        }
-
-        return(theResult);
-}
-
-
-
-Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum)
-{
-        if (SocketIndexIsValid(inSocketNum))
-        {
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-        
-                return(theSocketStruct->mRemoteEndIsConnected);
-        }
-        
-        else
-        {
-                return(false);
-        }
-}
-
-
-
-Boolean MacSocket_LocalEndIsOpen(const int inSocketNum)
-{
-        if (SocketIndexIsValid(inSocketNum))
-        {
-        SocketStruct    *theSocketStruct = &(sSockets[inSocketNum]);
-        
-                return(theSocketStruct->mLocalEndIsConnected);
-        }
-        
-        else
-        {
-                return(false);
-        }
-}
-
-
-
-static Boolean TimeoutElapsed(const SocketStruct *inSocket)
-{
-Boolean         timeIsUp = false;
-
-        if (inSocket != nil && inSocket->mTimeoutTicks > 0 && ::TickCount() > inSocket->mOperationStartTicks + inSocket->mTimeoutTicks)
-        {
-                timeIsUp = true;
-        }
-        
-        
-        return(timeIsUp);
-}
-
-
-
-static Boolean SocketIndexIsValid(const int inSocketNum)
-{
-        if (inSocketNum >= 0 && inSocketNum < kMaxNumSockets && sSockets[inSocketNum].mEndPointRef != kOTInvalidEndpointRef)
-        {
-                return(true);
-        }
-        
-        else
-        {
-                return(false);
-        }
-}
-
-
-
-static void InitSocket(SocketStruct *ioSocket)
-{
-        ioSocket->mIsInUse = false;
-        
-        ioSocket->mEndpointIsBound = false;
-        
-        ioSocket->mLocalEndIsConnected = false;
-        ioSocket->mRemoteEndIsConnected = false;
-        
-        ioSocket->mReceivedTOpenComplete = false;
-        ioSocket->mReceivedTBindComplete = false;
-        ioSocket->mReceivedTConnect = false;
-        ioSocket->mReceivedTListen = false;
-        ioSocket->mReceivedTPassCon = false;
-        ioSocket->mReceivedTDisconnect = false;
-        ioSocket->mReceivedTOrdRel = false;
-        ioSocket->mReceivedTDisconnectComplete = false;
-        
-        ioSocket->mTimeoutTicks = 30 * 60;
-        ioSocket->mOperationStartTicks = -1;
-        
-        ioSocket->mIdleWaitCallback = nil;
-        ioSocket->mUserRefPtr = nil;
-        
-        ioSocket->mExpectedCode = 0;
-        ioSocket->mAsyncOperationResult = noErr;
-        
-        ioSocket->mEndPointRef = kOTInvalidEndpointRef;
-        
-        ioSocket->mBindRequestedAddrInfo = nil;
-        ioSocket->mAssignedAddrInfo = nil;
-        ioSocket->mRemoteAddrInfo = nil;
-        
-        ioSocket->mReadyToReadData = false;
-        ioSocket->mReadyToWriteData = true;
-        
-        ioSocket->mReadBuffer = nil;
-        ioSocket->mWriteBuffer = nil;
-
-        ioSocket->mLastError = noErr;
-        CopyCStrToCStr("",ioSocket->mErrMessage,sizeof(ioSocket->mErrMessage));
-}
-
-
-
-static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode)
-{
-        ioSocket->mOperationStartTicks = ::TickCount();
-        
-        ioSocket->mAsyncOperationResult = noErr;
-        
-        ioSocket->mExpectedCode = inExpectedCode;
-}
-
-
-//      The wait function....
-
-static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag)
-{
-OSErr           errCode = noErr;
-OTResult        theOTResult = noErr;
-
-        
-        SetErrorMessageAndBailIfNil(ioSocket,"MyBusyWait: Bad parameter, ioSocket = nil");
-        SetErrorMessageAndBailIfNil(inAsyncOperationCompleteFlag,"MyBusyWait: Bad parameter, inAsyncOperationCompleteFlag = nil");
-        
-        for (;;) 
-        {
-                if (*inAsyncOperationCompleteFlag)
-                {
-                        theOTResult = ioSocket->mAsyncOperationResult;
-                        
-                        break;
-                }
-                
-                if (ioSocket->mIdleWaitCallback != nil)
-                {
-                        theOTResult = (*(ioSocket->mIdleWaitCallback))(ioSocket->mUserRefPtr);
-                        
-                        if (theOTResult != noErr && returnImmediatelyOnError)
-                        {
-                                break;
-                        }
-                }
-                
-                if (TimeoutElapsed(ioSocket))
-                {
-                        theOTResult = kMacSocket_TimeoutErr;
-                        
-                        break;
-                }
-        }
-
-
-EXITPOINT:
-        
-        if (outOTResult != nil)
-        {
-                *outOTResult = theOTResult;
-        }
-        
-        return(errCode);
-}
-
-
-
-//      I used to do thread switching, but stopped.  It could easily be rolled back in though....
-
-static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie)
-{
-SocketStruct *theSocketStruct = (SocketStruct *) contextPtr;
-        
-        if (theSocketStruct != nil)
-        {
-                if (theSocketStruct->mExpectedCode != 0 && code == theSocketStruct->mExpectedCode)
-                {
-                        theSocketStruct->mAsyncOperationResult = result;
-                        
-                        theSocketStruct->mExpectedCode = 0;
-                }
-                
-                
-                switch (code) 
-                {
-                        case T_OPENCOMPLETE:
-                        {
-                                theSocketStruct->mReceivedTOpenComplete = true;
-                                
-                                theSocketStruct->mEndPointRef = (EndpointRef) cookie;
-                                
-                                break;
-                        }
-
-                        
-                        case T_BINDCOMPLETE:
-                        {
-                                theSocketStruct->mReceivedTBindComplete = true;
-                                
-                                break;
-                        }
-                        
-
-                        case T_CONNECT:
-                        {
-                                theSocketStruct->mReceivedTConnect = true;
-
-                                theSocketStruct->mLocalEndIsConnected = true;
-                                
-                                theSocketStruct->mRemoteEndIsConnected = true;
-
-                                break;
-                        }
-                        
-
-                        case T_LISTEN:
-                        {
-                                theSocketStruct->mReceivedTListen = true;
-                                
-                                break;
-                        }
-                        
-
-                        case T_PASSCON:
-                        {
-                                theSocketStruct->mReceivedTPassCon = true;
-                                
-                                theSocketStruct->mLocalEndIsConnected = true;
-                                
-                                theSocketStruct->mRemoteEndIsConnected = true;
-
-                                break;
-                        }
-
-
-                        case T_DATA:
-                        {
-                                theSocketStruct->mReadyToReadData = true;
-                                
-                                break;
-                        }
-                        
-                        case T_GODATA:
-                        {
-                                theSocketStruct->mReadyToWriteData = true;
-                                
-                                break;
-                        }
-                        
-                        case T_DISCONNECT:
-                        {
-                                theSocketStruct->mReceivedTDisconnect = true;
-                                
-                                theSocketStruct->mRemoteEndIsConnected = false;
-                                
-                                theSocketStruct->mLocalEndIsConnected = false;
-                                
-                                ::OTRcvDisconnect(theSocketStruct->mEndPointRef,nil);
-                                
-                                break;
-                        }
-
-                        case T_ORDREL:
-                        {
-                                theSocketStruct->mReceivedTOrdRel = true;
-                                
-                                //      We can still write data, so don't clear mRemoteEndIsConnected
-                                
-                                ::OTRcvOrderlyDisconnect(theSocketStruct->mEndPointRef);
-                                
-                                break;
-                        }
-                        
-                        case T_DISCONNECTCOMPLETE:
-                        {
-                                theSocketStruct->mReceivedTDisconnectComplete = true;
-                                
-                                theSocketStruct->mRemoteEndIsConnected = false;
-                                
-                                theSocketStruct->mLocalEndIsConnected = false;
-                                
-                                break;
-                        }
-                }
-        }
-/*
-T_LISTEN OTListen
-T_CONNECT OTRcvConnect
-T_DATA OTRcv, OTRcvUData
-T_DISCONNECT OTRcvDisconnect
-T_ORDREL OTRcvOrderlyDisconnect
-T_GODATA OTSnd, OTSndUData, OTLook
-T_PASSCON none
-
-T_EXDATA OTRcv
-T_GOEXDATA OTSnd, OTLook
-T_UDERR OTRcvUDErr
-*/
-}
-
-
-
-//      Initialize the main socket data structure
-
-OSErr MacSocket_Startup(void)
-{
-        if (!sSocketsSetup)
-        {
-                for (int i = 0;i < kMaxNumSockets;i++)
-                {
-                        InitSocket(&(sSockets[i]));
-                }
-
-                ::InitOpenTransport();
-                
-                sSocketsSetup = true;
-        }
-        
-        
-        return(noErr);
-}
-
-
-
-//      Cleanup before exiting
-
-OSErr MacSocket_Shutdown(void)
-{
-        if (sSocketsSetup)
-        {
-                for (int i = 0;i < kMaxNumSockets;i++)
-                {
-                SocketStruct *theSocketStruct = &(sSockets[i]);
-                
-                        if (theSocketStruct->mIsInUse)
-                        {
-                                if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef)
-                                {
-                                OTResult        theOTResult;
-                                
-                                
-                                        //      Since we're killing the endpoint, I don't bother to send the disconnect (sorry!)
-
-/*
-                                        if (theSocketStruct->mLocalEndIsConnected)
-                                        {
-                                                //      This is an abortive action, so we do a hard disconnect instead of an OTSndOrderlyDisconnect
-                                                
-                                                theOTResult = ::OTSndDisconnect(theSocketStruct->mEndPointRef, nil);
-                                                
-                                                //      Now we have to watch for T_DISCONNECTCOMPLETE event
-                                                
-                                                theSocketStruct->mLocalEndIsConnected = false;
-                                        }
-*/                                      
-                                        
-                                        theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef);
-                                        
-                                        
-                                        theSocketStruct->mEndPointRef = kOTInvalidEndpointRef;
-                                }
-                                
-                                if (theSocketStruct->mBindRequestedAddrInfo != nil)
-                                {
-                                        ::OTFree((void *) theSocketStruct->mBindRequestedAddrInfo,T_BIND);
-                                        
-                                        theSocketStruct->mBindRequestedAddrInfo = nil;
-                                }
-                                
-                                if (theSocketStruct->mAssignedAddrInfo != nil)
-                                {
-                                        ::OTFree((void *) theSocketStruct->mAssignedAddrInfo,T_BIND);
-                                        
-                                        theSocketStruct->mAssignedAddrInfo = nil;
-                                }
-                                
-                                if (theSocketStruct->mRemoteAddrInfo != nil)
-                                {
-                                        ::OTFree((void *) theSocketStruct->mRemoteAddrInfo,T_CALL);
-                                        
-                                        theSocketStruct->mRemoteAddrInfo = nil;
-                                }
-                                
-                                
-                        }
-                }
-                
-                ::CloseOpenTransport();
-
-                sSocketsSetup = false;
-        }
-        
-        return(noErr);
-}
-
-
-
-
-
-
-//      Allocate a socket
-
-OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr)
-{
-//      Gotta roll support back in for threads eventually.....
-
-#pragma unused(inDoThreadSwitching)
-
-
-OSErr   errCode = noErr;
-
-        
-        SetErrorMessageAndBailIfNil(outSocketNum,"MacSocket_socket: Bad parameter, outSocketNum == nil");
-        
-        *outSocketNum = -1;
-        
-        
-        //      Find an unused socket
-        
-        for (int i = 0;i < kMaxNumSockets;i++)
-        {
-                if (sSockets[i].mIsInUse == false)
-                {
-                OTResult                theOTResult;
-                SocketStruct    *theSocketStruct = &(sSockets[i]);
-                
-                        
-                        InitSocket(theSocketStruct);
-                        
-                        theSocketStruct->mIdleWaitCallback = inIdleWaitCallback;
-                        theSocketStruct->mUserRefPtr = inUserRefPtr;
-                        
-                        theSocketStruct->mTimeoutTicks = inTimeoutTicks;
-                        
-
-                        //      Set up OT endpoint
-                        
-                        PrepareForAsyncOperation(theSocketStruct,T_OPENCOMPLETE);
-                        
-                        theOTResult = ::OTAsyncOpenEndpoint(OTCreateConfiguration(kTCPName),0,nil,OTNonYieldingNotifier,(void *) theSocketStruct);
-                        
-                        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult);
-                        
-                        BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOpenComplete)));
-                                                                                                                                                                                
-                        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult);
-                        
-                        
-                        *outSocketNum = i;
-                        
-                        errCode = noErr;
-                        
-                        theSocketStruct->mIsInUse = true;
-                        
-                        break;
-                }
-                
-                else if (i == kMaxNumSockets - 1)
-                {
-                        SetErrorMessageAndBail("MacSocket_socket: No sockets available");
-                }
-        }
-
-
-EXITPOINT:
-        
-        errno = errCode;
-        
-        return(errCode);
-}
-
-
-
-
-OSErr MacSocket_listen(const int inSocketNum,const int inPortNum)
-{
-OSErr                   errCode = noErr;
-SocketStruct    *theSocketStruct = nil;
-
-
-        if (!SocketIndexIsValid(inSocketNum))
-        {
-                SetErrorMessageAndBail("MacSocket_listen: Invalid socket number specified");
-        }
-
-
-        theSocketStruct = &(sSockets[inSocketNum]);
-
-
-OTResult                theOTResult;
-        
-        
-        if (theSocketStruct->mBindRequestedAddrInfo == nil)
-        {
-                theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
-                SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
-        }
-        
-        if (theSocketStruct->mAssignedAddrInfo == nil)
-        {
-                theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
-                SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
-        }
-        
-        if (theSocketStruct->mRemoteAddrInfo == nil)
-        {
-                theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult);
-                SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() returned nil");
-        }
-        
-
-        if (!theSocketStruct->mEndpointIsBound)
-        {
-        InetInterfaceInfo       theInetInterfaceInfo;
-                
-                theOTResult = ::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't determine OT interface info, OTInetGetInterfaceInfo() = ",theOTResult);
-
-
-        InetAddress     *theInetAddress = (InetAddress *) theSocketStruct->mBindRequestedAddrInfo->addr.buf;
-                
-//              theInetAddress->fAddressType = AF_INET;
-//              theInetAddress->fPort = inPortNum;
-//              theInetAddress->fHost = theInetInterfaceInfo.fAddress;
-                
-                ::OTInitInetAddress(theInetAddress,inPortNum,theInetInterfaceInfo.fAddress);
-
-                theSocketStruct->mBindRequestedAddrInfo->addr.len = sizeof(InetAddress);
-                
-                theSocketStruct->mBindRequestedAddrInfo->qlen = 1;
-                
-                
-                theOTResult = ::OTSetSynchronous(theSocketStruct->mEndPointRef);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetSynchronous() = ",theOTResult);
-                
-                theOTResult = NegotiateIPReuseAddrOption(theSocketStruct->mEndPointRef,true);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT IP address reuse flag, NegotiateIPReuseAddrOption() = ",theOTResult);
-                
-                theOTResult = ::OTSetAsynchronous(theSocketStruct->mEndPointRef);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetAsynchronous() = ",theOTResult);
-
-                
-                PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE);
-                                
-                theOTResult = ::OTBind(theSocketStruct->mEndPointRef,theSocketStruct->mBindRequestedAddrInfo,theSocketStruct->mAssignedAddrInfo);
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult);
-                
-                BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete)));
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult);
-                
-                
-                theSocketStruct->mEndpointIsBound = true;
-        }
-
-
-        PrepareForAsyncOperation(theSocketStruct,T_LISTEN);
-
-        theOTResult = ::OTListen(theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo);
-        
-        if (theOTResult == noErr)
-        {
-                PrepareForAsyncOperation(theSocketStruct,T_PASSCON);
-                
-                theOTResult = ::OTAccept(theSocketStruct->mEndPointRef,theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo);
-                
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't begin OT accept, OTAccept() = ",theOTResult);
-                
-                BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTPassCon)));
-                                                                                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't accept OT connection, OTAccept() = ",theOTResult);
-        }
-        
-        else if (theOTResult == kOTNoDataErr)
-        {
-                theOTResult = noErr;
-        }
-        
-        else
-        {
-                SetErrorMessageAndLongIntAndBail("MacSocket_listen: Can't begin OT listen, OTListen() = ",theOTResult);
-        }
-
-
-        errCode = noErr;
-
-
-EXITPOINT:
-        
-        if (theSocketStruct != nil)
-        {
-                theSocketStruct->mLastError = noErr;
-                
-                CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-
-                if (errCode != noErr)
-                {
-                        theSocketStruct->mLastError = errCode;
-                        
-                        CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-                }
-        }
-        
-        errno = errCode;
-        
-        return(errCode);
-}
-
-
-
-
-OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort)
-{
-OSErr                   errCode = noErr;
-SocketStruct    *theSocketStruct = nil;
-
-
-        if (!SocketIndexIsValid(inSocketNum))
-        {
-                SetErrorMessageAndBail("MacSocket_connect: Invalid socket number specified");
-        }
-
-        theSocketStruct = &(sSockets[inSocketNum]);
-
-        if (theSocketStruct->mEndpointIsBound)
-        {
-                SetErrorMessageAndBail("MacSocket_connect: Socket previously bound");
-        }
-
-        
-OTResult                theOTResult;
-
-        theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
-                                                                                                                                                                
-        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
-        SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
-        
-
-        theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
-                                                                                                                                                                
-        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
-        SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
-
-
-        theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult);
-                                                                                                                                                                
-        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult);
-        SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() returned nil");
-
-        
-        PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE);
-
-        theOTResult = ::OTBind(theSocketStruct->mEndPointRef,nil,theSocketStruct->mAssignedAddrInfo);
-                                                                                                                                                                
-        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult);
-        
-        BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete)));
-                                                                                                                                                                
-        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult);
-        
-        theSocketStruct->mEndpointIsBound = true;
-        
-
-TCall           sndCall;
-DNSAddress      hostDNSAddress;
-        
-        //      Set up target address
-        
-        sndCall.addr.buf = (UInt8 *) &hostDNSAddress;
-        sndCall.addr.len = ::OTInitDNSAddress(&hostDNSAddress,inTargetAddressAndPort);
-        sndCall.opt.buf = nil;
-        sndCall.opt.len = 0;
-        sndCall.udata.buf = nil;
-        sndCall.udata.len = 0;
-        sndCall.sequence = 0;
-                
-        //      Connect!
-        
-        PrepareForAsyncOperation(theSocketStruct,T_CONNECT);
-
-        theOTResult = ::OTConnect(theSocketStruct->mEndPointRef,&sndCall,nil);
-        
-        if (theOTResult == kOTNoDataErr)
-        {
-                theOTResult = noErr;
-        }
-                                                                                                
-        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult);
-        
-        BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTConnect)));
-        
-        if (theOTResult == kMacSocket_TimeoutErr)
-        {
-                SetErrorMessageAndBail("MacSocket_connect: Can't connect OT endpoint, OTConnect() = kMacSocket_TimeoutErr");
-        }
-        
-        else
-        {
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult);
-        }
-
-        theOTResult = ::OTRcvConnect(theSocketStruct->mEndPointRef,nil);
-                                                                                                
-        SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't complete connect on OT endpoint, OTRcvConnect() = ",theOTResult);
-
-
-        errCode = noErr;
-
-
-#ifdef MACSOCKET_DEBUG
-        printf("MacSocket_connect: connect completed\n");
-#endif
-
-EXITPOINT:
-        
-        if (theSocketStruct != nil)
-        {
-                theSocketStruct->mLastError = noErr;
-                
-                CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-
-                if (errCode != noErr)
-                {
-                        theSocketStruct->mLastError = errCode;
-                        
-                        CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-                }
-        }
-        
-        errno = errCode;
-        
-        return(errCode);
-}
-
-
-
-
-//      Close a connection
-
-OSErr MacSocket_close(const int inSocketNum)
-{
-OSErr                   errCode = noErr;
-SocketStruct    *theSocketStruct = nil;
-
-
-        if (!SocketIndexIsValid(inSocketNum))
-        {
-                SetErrorMessageAndBail("MacSocket_close: Invalid socket number specified");
-        }
-
-
-        theSocketStruct = &(sSockets[inSocketNum]);
-        
-        if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef)
-        {
-        OTResult                theOTResult = noErr;
-        
-                //      Try to play nice
-                
-                if (theSocketStruct->mReceivedTOrdRel)
-                {
-                        //      Already did an OTRcvOrderlyDisconnect() in the notifier
-                
-                        if (theSocketStruct->mLocalEndIsConnected)
-                        {
-                                theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef);
-                                
-                                theSocketStruct->mLocalEndIsConnected = false;
-                        }
-                }
-                
-                else if (theSocketStruct->mLocalEndIsConnected)
-                {
-                        theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef);
-                        
-                        theSocketStruct->mLocalEndIsConnected = false;
-                        
-                        //      Wait for other end to hang up too!
-                        
-//                      PrepareForAsyncOperation(theSocketStruct,T_ORDREL);
-//
-//                      errCode = MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOrdRel));
-                }
-                
-                
-                if (theOTResult != noErr)
-                {
-                        ::OTCloseProvider(theSocketStruct->mEndPointRef);
-                }
-                
-                else
-                {
-                        theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef);
-                }
-
-                theSocketStruct->mEndPointRef = kOTInvalidEndpointRef;
-                
-                errCode = theOTResult;
-        }
-
-
-        theSocketStruct->mIsInUse = false;
-
-        
-EXITPOINT:
-        
-        if (theSocketStruct != nil)
-        {
-                theSocketStruct->mLastError = noErr;
-                
-                CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-
-                if (errCode != noErr)
-                {
-                        theSocketStruct->mLastError = errCode;
-                        
-                        CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-                }
-        }
-
-        errno = errCode;
-                
-        return(errCode);
-}
-
-
-
-
-//      Receive some bytes
-
-int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock)
-{
-OSErr                   errCode = noErr;
-int                             totalBytesRead = 0;
-SocketStruct    *theSocketStruct = nil;
-
-        
-        SetErrorMessageAndBailIfNil(outBuff,"MacSocket_recv: Bad parameter, outBuff = nil");
-        
-        if (outBuffLength <= 0)
-        {
-                SetErrorMessageAndBail("MacSocket_recv: Bad parameter, outBuffLength <= 0");
-        }
-        
-        if (!SocketIndexIsValid(inSocketNum))
-        {
-                SetErrorMessageAndBail("MacSocket_recv: Invalid socket number specified");
-        }
-
-        theSocketStruct = &(sSockets[inSocketNum]);
-
-        if (!theSocketStruct->mLocalEndIsConnected)
-        {
-                SetErrorMessageAndBail("MacSocket_recv: Socket not connected");
-        }
-
-        if (theSocketStruct->mReceivedTOrdRel)
-        {
-                totalBytesRead = 0;
-                
-                goto EXITPOINT;
-        }
-
-        
-        PrepareForAsyncOperation(theSocketStruct,0);
-        
-        for (;;)
-        {
-        int                     bytesRead;
-        OTResult        theOTResult;
-        
-        
-                theOTResult = ::OTRcv(theSocketStruct->mEndPointRef,(void *) ((unsigned long) outBuff + (unsigned long) totalBytesRead),outBuffLength - totalBytesRead,nil);
-                
-                if (theOTResult >= 0)
-                {
-                        bytesRead = theOTResult;
-                        
-#ifdef MACSOCKET_DEBUG
-        printf("MacSocket_recv: read %d bytes in part\n",bytesRead);
-#endif
-                }
-                
-                else if (theOTResult == kOTNoDataErr)
-                {
-                        bytesRead = 0;
-                }
-                
-                else
-                {
-                        SetErrorMessageAndLongIntAndBail("MacSocket_recv: Can't receive OT data, OTRcv() = ",theOTResult);
-                }
-                
-                
-                totalBytesRead += bytesRead;
-                
-                
-                if (totalBytesRead <= 0)
-                {
-                        if (theSocketStruct->mReceivedTOrdRel)
-                        {
-                                break;
-                        }
-                        
-                        //      This seems pretty stupid to me now.  Maybe I'll delete this blocking garbage.
-                        
-                        if (inBlock)
-                        {
-                                if (TimeoutElapsed(theSocketStruct))
-                                {
-                                        SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_recv: Receive operation timed-out");
-                                }
-                                
-                                if (theSocketStruct->mIdleWaitCallback != nil)
-                                {
-                                        theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr);
-                                        
-                                        SetErrorMessageAndBailIfError(theOTResult,"MacSocket_recv: User cancelled operation");
-                                }
-                                
-                                continue;
-                        }
-                }
-                
-                
-                break;
-        }
-        
-        errCode = noErr;
-
-
-#ifdef MACSOCKET_DEBUG
-        printf("MacSocket_recv: read %d bytes in total\n",totalBytesRead);
-#endif
-        
-        
-EXITPOINT:
-        
-        if (theSocketStruct != nil)
-        {
-                theSocketStruct->mLastError = noErr;
-                
-                CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-
-                if (errCode != noErr)
-                {
-                        theSocketStruct->mLastError = errCode;
-                        
-                        CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-                }
-        }
-
-        errno = errCode;
-        
-        return(totalBytesRead);
-}
-
-
-
-//      Send some bytes
-
-int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength)
-{
-OSErr                   errCode = noErr;
-int                             bytesSent = 0;
-SocketStruct    *theSocketStruct = nil;
-
-
-        SetErrorMessageAndBailIfNil(inBuff,"MacSocket_send: Bad parameter, inBuff = nil");
-        
-        if (inBuffLength <= 0)
-        {
-                SetErrorMessageAndBail("MacSocket_send: Bad parameter, inBuffLength <= 0");
-        }
-
-        if (!SocketIndexIsValid(inSocketNum))
-        {
-                SetErrorMessageAndBail("MacSocket_send: Invalid socket number specified");
-        }
-        
-
-        theSocketStruct = &(sSockets[inSocketNum]);
-        
-        if (!theSocketStruct->mLocalEndIsConnected)
-        {
-                SetErrorMessageAndBail("MacSocket_send: Socket not connected");
-        }
-
-
-OTResult                theOTResult;
-        
-
-        PrepareForAsyncOperation(theSocketStruct,0);
-
-        while (bytesSent < inBuffLength)
-        {
-                if (theSocketStruct->mIdleWaitCallback != nil)
-                {
-                        theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr);
-                        
-                        SetErrorMessageAndBailIfError(theOTResult,"MacSocket_send: User cancelled");
-                }
-
-
-                theOTResult = ::OTSnd(theSocketStruct->mEndPointRef,(void *) ((unsigned long) inBuff + bytesSent),inBuffLength - bytesSent,0);
-                
-                if (theOTResult >= 0)
-                {
-                        bytesSent += theOTResult;
-                        
-                        theOTResult = noErr;
-                        
-                        //      Reset timer....
-                        
-                        PrepareForAsyncOperation(theSocketStruct,0);
-                }
-                
-                if (theOTResult == kOTFlowErr)
-                {
-                        if (TimeoutElapsed(theSocketStruct))
-                        {
-                                SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_send: Send timed-out")
-                        }
-
-                        theOTResult = noErr;
-                }
-                                                                                                        
-                SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_send: Can't send OT data, OTSnd() = ",theOTResult);
-        }
-
-        
-        errCode = noErr;
-
-#ifdef MACSOCKET_DEBUG
-        printf("MacSocket_send: sent %d bytes\n",bytesSent);
-#endif
-        
-        
-EXITPOINT:
-        
-        if (theSocketStruct != nil)
-        {
-                theSocketStruct->mLastError = noErr;
-                
-                CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-
-                if (errCode != noErr)
-                {
-                        theSocketStruct->mLastError = errCode;
-                        
-                        CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
-                }
-        }
-        
-        if (errCode != noErr)
-        {
-                ::SysBeep(1);
-        }
-        
-        errno = errCode;
-        
-        return(bytesSent);
-}
-
-
-
-
-
-static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP)
-{
-OSStatus        errCode;
-UInt8           buf[kOTFourByteOptionSize];
-TOption*        theOTOption;
-TOptMgmt        theOTRequest;
-TOptMgmt        theOTResult;
-        
-
-        if (!OTIsSynchronous(inEndpoint))
-        {
-                SetErrorMessageAndBail("NegotiateIPReuseAddrOption: Open Transport endpoint is not synchronous");
-        }
-        
-        theOTRequest.opt.buf = buf;
-        theOTRequest.opt.len = sizeof(buf);
-        theOTRequest.flags = T_NEGOTIATE;
-
-        theOTResult.opt.buf = buf;
-        theOTResult.opt.maxlen = kOTFourByteOptionSize;
-
-
-        theOTOption = (TOption *) buf;
-        
-        theOTOption->level = INET_IP;
-        theOTOption->name = IP_REUSEADDR;
-        theOTOption->len = kOTFourByteOptionSize;
-        theOTOption->status = 0;
-        *((UInt32 *) (theOTOption->value)) = inEnableReuseIP;
-
-        errCode = ::OTOptionManagement(inEndpoint,&theOTRequest,&theOTResult);
-        
-        if (errCode == kOTNoError)
-        {
-                if (theOTOption->status != T_SUCCESS)
-                {
-                        errCode = theOTOption->status;
-                }
-                
-                else
-                {
-                        errCode = kOTNoError;
-                }
-        }
-                                
-
-EXITPOINT:
-        
-        errno = errCode;
-        
-        return(errCode);
-}
-
-
-
-
-
-//      Some rough notes....
-
-
-
-//      OTAckSends(ep);
-//      OTAckSends(ep) // enable AckSend option
-//      ......
-//      buf = OTAllocMem( nbytes); // Allocate nbytes of memory from OT
-//      OTSnd(ep, buf, nbytes, 0); // send a packet
-//      ......
-//      NotifyProc( .... void* theParam) // Notifier Proc
-//      case T_MEMORYRELEASED: // process event
-//      OTFreeMem( theParam); // free up memory
-//      break;
-
-
-
-/*
-struct InetInterfaceInfo
-{
-        InetHost                fAddress;
-        InetHost                fNetmask;
-        InetHost                fBroadcastAddr;
-        InetHost                fDefaultGatewayAddr;
-        InetHost                fDNSAddr;
-        UInt16                  fVersion;
-        UInt16                  fHWAddrLen;
-        UInt8*                  fHWAddr;
-        UInt32                  fIfMTU;
-        UInt8*                  fReservedPtrs[2];
-        InetDomainName  fDomainName;
-        UInt32                  fIPSecondaryCount;
-        UInt8                   fReserved[252];                 
-};
-typedef struct InetInterfaceInfo InetInterfaceInfo;
-
-
-
-((InetAddress *) addr.buf)->fHost
-
-struct TBind
-{
-        TNetbuf addr;
-        OTQLen  qlen;
-};
-
-typedef struct TBind    TBind;
-
-struct TNetbuf
-{
-        size_t  maxlen;
-        size_t  len;
-        UInt8*  buf;
-};
-
-typedef struct TNetbuf  TNetbuf;
-
-        
-        struct InetAddress
-{
-                OTAddressType   fAddressType;   // always AF_INET
-                InetPort                fPort;                  // Port number 
-                InetHost                fHost;                  // Host address in net byte order
-                UInt8                   fUnused[8];             // Traditional unused bytes
-};
-typedef struct InetAddress InetAddress;
-*/
-
-
-
-/*
-static pascal void Notifier(void* context, OTEventCode event, OTResult result, void* cookie)
-{
-EPInfo* epi = (EPInfo*) context;
-
-        switch (event)
-        {
-                case T_LISTEN:
-                {
-                        DoListenAccept();
-                        return;
-                }
-                
-                case T_ACCEPTCOMPLETE:
-                {
-                        if (result != kOTNoError)
-                                DBAlert1("Notifier: T_ACCEPTCOMPLETE - result %d",result);
-                        return;
-                }
-                
-                case T_PASSCON:
-                {
-                        if (result != kOTNoError)
-                        {
-                                DBAlert1("Notifier: T_PASSCON result %d", result);
-                                return;
-                        }
-
-                        OTAtomicAdd32(1, &gCntrConnections);
-                        OTAtomicAdd32(1, &gCntrTotalConnections);
-                        OTAtomicAdd32(1, &gCntrIntervalConnects);
-                        
-                        if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 )
-                        {
-                                ReadData(epi);
-                        }
-                        
-                        return;
-                }
-                
-                case T_DATA:
-                {
-                        if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 )
-                        {
-                                ReadData(epi);
-                        }
-                        
-                        return;
-                }
-                
-                case T_GODATA:
-                {
-                        SendData(epi);
-                        return;
-                }
-                
-                case T_DISCONNECT:
-                {
-                        DoRcvDisconnect(epi);
-                        return;
-                }
-                
-                case T_DISCONNECTCOMPLETE:
-                {
-                        if (result != kOTNoError)
-                                DBAlert1("Notifier: T_DISCONNECT_COMPLETE result %d",result);
-                                
-                        return;
-                }
-                
-                case T_MEMORYRELEASED:
-                {
-                        OTAtomicAdd32(-1, &epi->outstandingSends);
-                        return;
-                }
-                
-                default:
-                {
-                        DBAlert1("Notifier: unknown event <%x>", event);
-                        return;
-                }
-        }
-}
-*/
diff --git a/src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h b/src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h
deleted file mode 100644
index ad59dc9e4f..0000000000
--- a/src/lib/libssl/src/MacOS/GetHTTPS.src/MacSocket.h
+++ /dev/null
@@ -1,103 +0,0 @@
-#pragma once
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-
-enum
-{
-        kMacSocket_TimeoutErr = -2
-};
-
-
-//      Since MacSocket does busy waiting, I do a callback while waiting
-
-typedef OSErr (*MacSocket_IdleWaitCallback)(void *);
-
-
-//      Call this before anything else!
-
-OSErr MacSocket_Startup(void);
-
-
-//      Call this to cleanup before quitting
-
-OSErr MacSocket_Shutdown(void);
-
-
-//      Call this to allocate a "socket" (reference number is returned in outSocketNum)
-//      Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
-//      The inTimeoutTicks parameter is applied during reads/writes of data
-//      The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
-//      The inUserRefPtr parameter is passed back to the idle-wait callback
-
-OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr);
-
-
-//      Call this to connect to an IP/DNS address
-//      Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123
-
-OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort);
-
-
-//      Call this to listen on a port
-//      Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen
-
-OSErr MacSocket_listen(const int inSocketNum,const int inPortNum);
-
-
-//      Call this to close a socket
-
-OSErr MacSocket_close(const int inSocketNum);
-
-
-//      Call this to receive data on a socket
-//      Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
-
-int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
-
-
-//      Call this to send data on a socket
-
-int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength);
-
-
-//      If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
-//      This function will let you check whether that's true or not
-
-Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
-
-
-//      Call this to see if the listen has completed after a call to MacSocket_listen()
-
-Boolean MacSocket_ListenCompleted(const int inSocketNum);
-
-
-//      These really aren't very useful anymore
-
-Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
-Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
-
-
-//      You may wish to change the userRefPtr for a socket callback-- use this to do it
-
-void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr);
-
-
-//      Call these to get the socket's IP:port descriptor
-
-void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
-void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
-
-
-//      Call this to get error info from a socket
-
-void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength);
-
-
-#ifdef __cplusplus
-}
-#endif
diff --git a/src/lib/libssl/src/MacOS/OpenSSL.mcp.hqx b/src/lib/libssl/src/MacOS/OpenSSL.mcp.hqx
deleted file mode 100644
index c357ea5af9..0000000000
--- a/src/lib/libssl/src/MacOS/OpenSSL.mcp.hqx
+++ /dev/null
@@ -1,4940 +0,0 @@
-(This file must be converted with BinHex 4.0)
-
-:#dp`C@j68d`ZE@0`!%e08(*$9dP&!!!!!jeU!!!!!0U2Bfp[E!!!!!-!!!%S!!1
-%3J!$K@S!!"J!!!!"!!%#!3!!!!!!!!!!!%0[C'9ABA*bD@pb)&"bEfTPBh3!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(CA4)9&4
-38b"38%-k4'9LG@GRCA)J8R9ZG'PYC3"(CA4)9&438b"38%-k8fpeFQ0P)&4bC@9
-c!%GPG%K89&"6)&"33cT$GA0dEfdJ5f9jGfpbC(-!4f9d5&488&-J8&"$1N&MBf9
-cFb"3BA4SF`"(CA4)9&438b"38%-k9'&bCf9d)&0PG(4TEQGc!%GPG%K89&"6)&"
-33cT'D@aP)%eKF("TEQGc!%GPG%K89&"6)&"33cT#G@PXC#"&H(4bBA-!4f9d5&4
-88&-J8&"$1N4PBR9RCf9b)&4KFQGPG!"(CA4)9&438b"38%-k0MK,)%0[C'9(C@i
-!4f9d5&488&-J8&"$1MBi5b"%DA0KFh0PE@*XCA)!4f9d5&488&-J8&"$1MBi5b"
-(E'pLB@`J6h"dD@eTHQ9b!%GPG%K89&"6)&"33cSf1%XJ6'PZDf9b!%GPG%K89&"
-6)&"33cSf1%XJ8(*[DQ9MG!"(CA4)9&438b"38%-k3bp$+bXJ3fpYF'PXCA)!4f9
-d5&488&-J8&"$1N-[3bXV)&GKFQjTEQGc!%GPG%K89&"6)&"33cT$4Ndf1%X!4f9
-d5&488&-J8&"$1NeKBdp6)%ePFQGP)&"KEQ9X!%GPG%K89&"6)&"33cT38%-J3fp
-NC8GPEJ"(CA4)9&438b"38%-k8&"$)%4TFf&cFf9YBQaPFJ"(CA4)9&438b"38%-
-k8&"$)%GXEf*KE#"2F(4TE@PkCA)!4f9d5&488&-J8&"$1P"33b"-D@jVCA)!4f9
-d5&488&-J8&"$1P"33b"348B!4f9d5&488&-J8&"$1P"33b"3FQpUC@0d!%GPG%K
-89&"6)&"33cT38%0"FfdJ8'&ZC@`!4f9d5&488&-J8&"$1P*PHL"$Efe`D@aPFJ"
-2F'9Z8e0-)&"33cT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J8&"$1P0[GA*MC5"
-8FQ9PF`"2F'9Z8e0-)&"33cT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#"38%-k3@0
-MCA0c)&"KG'Kc!%p`C@j68d`J8&"$1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)&"
-33cT'D@aP)%eKF("TEQGc!%p`C@j68d`J8&"$1N*eD@aN)%9iG(*KF`"2F'9Z8e0
--)&"33cT%C@*eCfGPFL"8BA*RCA3!6h"PEP066#"38%-k0MK,)%0[C'9(C@i!6h"
-PEP066#"38%-k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)&"33cSf1%XJ4fa[BQ&
-X)%p`G'PYDATPFJ"2F'9Z8e0-)&"33cSf1%XJ6'PZDf9b!%p`C@j68d`J8&"$1MB
-i5b"3FQpUC@0d!%p`C@j68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J8&"
-$1N-[3bXV)&GKFQjTEQGc!%p`C@j68d`J8&"$1N0'66Bi5`"2F'9Z8e0-)&"33cT
-0B@028b"0CA*RC5"3B@jPE!"2F'9Z8e0-)&"33cT38%-J3fpNC8GPEJ"2F'9Z8e0
--)&"33cT38%-J4'PcBA0cC@eLE'9b!%p`C@j68d`J8&"$1P"33b"(E'pLB@`J6h"
-dD@eTHQ9b!%p`C@j68d`J8&"$1P"33b"-D@jVCA)!6h"PEP066#"38%-k8&"$)&"
-&4J"2F'9Z8e0-)&"33cT38%-J8(*[DQ9MG!"2F'9Z8e0-)&"33cT38%0"FfdJ8'&
-ZC@`!6h"PEP066#"38%-k8Q9k)%0[EA"TE'9b!%GPG%K89&"6)$Bi5cT%C@*eCfG
-PFL"5G@jdD@eP!%GPG%K89&"6)$Bi5cT6Eh9bBf8J9(*PCA-!4f9d5&488&-J0MK
-,1N0eFh4[E5",CAPhEh*NF`"(CA4)9&438b!f1%Xk3@0MCA0c)&"KG'Kc!%GPG%K
-89&"6)$Bi5cT8BA*RCA3J8f9dG'PZCh-!4f9d5&488&-J0MK,1NCTE'8J6@&`F'P
-ZCh-!4f9d5&488&-J0MK,1N*eD@aN)%9iG(*KF`"(CA4)9&438b!f1%Xk4'9LG@G
-RCA)J9'&bCf9d!%GPG%K89&"6)$Bi5cSf1%XJ3fpNC8GPEJ"(CA4)9&438b!f1%X
-k0MK,)%4TFf&cFf9YBQaPFJ"(CA4)9&438b!f1%Xk0MK,)%GXEf*KE#"2F(4TE@P
-kCA)!4f9d5&488&-J0MK,1MBi5b"-D@jVCA)!4f9d5&488&-J0MK,1MBi5b"3FQp
-UC@0d!%GPG%K89&"6)$Bi5cT$,d-V+b"$Efe`D@aPFJ"(CA4)9&438b!f1%Xk3bp
-$+bXJ9f&bEQPZCh-!4f9d5&488&-J0MK,1N0'66Bi5`"(CA4)9&438b!f1%Xk6@&
-M6e-J6@9bCf8J8'&ZC@`!4f9d5&488&-J0MK,1P"33b"$Ef4P4f9Z!%GPG%K89&"
-6)$Bi5cT38%-J4'PcBA0cC@eLE'9b!%GPG%K89&"6)$Bi5cT38%-J4fa[BQ&X)%p
-`G'PYDATPFJ"(CA4)9&438b!f1%Xk8&"$)%aTEQYPFJ"(CA4)9&438b!f1%Xk8&"
-$)&"&4J"(CA4)9&438b!f1%Xk8&"$)&"bEfTPBh3!4f9d5&488&-J0MK,1P"33d&
-cE5"3B@jPE!"(CA4)9&438b!f1%Xk8Q9k)%0[EA"TE'9b!%aTBP066#!f1%Xk4'9
-LG@GRCA)J8R9ZG'PYC3"-D@*68d`J0MK,1P0[GA*MC5"8FQ9PF`"-D@*68d`J0MK
-,1N0eFh4[E5",CAPhEh*NF`"-D@*68d`J0MK,1N&MBf9cFb"3BA4SF`"-D@*68d`
-J0MK,1P4KFQGPG#"6CA4dD@jRF`"-D@*68d`J0MK,1NCTE'8J6@&`F'PZCh-!6'P
-L8e0-)$Bi5cT#G@PXC#"&H(4bBA-!6'PL8e0-)$Bi5cT%C@*eCfGPFL"8BA*RCA3
-!6'PL8e0-)$Bi5cSf1%XJ3fpNC8GPEJ"-D@*68d`J0MK,1MBi5b"%DA0KFh0PE@*
-XCA)!6'PL8e0-)$Bi5cSf1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J0MK,1MB
-i5b"-D@jVCA)!6'PL8e0-)$Bi5cSf1%XJ8(*[DQ9MG!"-D@*68d`J0MK,1N-[3bX
-V)%0[EA"TE'9b!%aTBP066#!f1%Xk3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)$Bi5cT
-$4Ndf1%X!6'PL8e0-)$Bi5cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J0MK,1P"
-33b"$Ef4P4f9Z!%aTBP066#!f1%Xk8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J0MK
-,1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%aTBP066#!f1%Xk8&"$)%aTEQYPFJ"-D@*
-68d`J0MK,1P"33b"348B!6'PL8e0-)$Bi5cT38%-J8(*[DQ9MG!"-D@*68d`J0MK
-,1P"33d&cE5"3B@jPE!"-D@*68d`J0MK,1P*PHL"$Efe`D@aPFJ"2F'9Z8e0-)$B
-iDcT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J0MKV1P0[GA*MC5"8FQ9PF`"2F'9
-Z8e0-)$BiDcT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#!f1'Xk3@0MCA0c)&"KG'K
-c!%p`C@j68d`J0MKV1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)$BiDcT'D@aP)%e
-KF("TEQGc!%p`C@j68d`J0MKV1N*eD@aN)%9iG(*KF`"2F'9Z8e0-)$BiDcT%C@*
-eCfGPFL"8BA*RCA3!6h"PEP066#!f1'Xk0MK,)%0[C'9(C@i!6h"PEP066#!f1'X
-k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)$BiDcSf1%XJ4fa[BQ&X)%p`G'PYDAT
-PFJ"2F'9Z8e0-)$BiDcSf1%XJ6'PZDf9b!%p`C@j68d`J0MKV1MBi5b"3FQpUC@0
-d!%p`C@j68d`J0MKV1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J0MKV1N-[3bXV)&G
-KFQjTEQGc!%p`C@j68d`J0MKV1N0'66Bi5`"2F'9Z8e0-)$BiDcT0B@028b"0CA*
-RC5"3B@jPE!"2F'9Z8e0-)$BiDcT38%-J3fpNC8GPEJ"2F'9Z8e0-)$BiDcT38%-
-J4'PcBA0cC@eLE'9b!%p`C@j68d`J0MKV1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%p
-`C@j68d`J0MKV1P"33b"-D@jVCA)!6h"PEP066#!f1'Xk8&"$)&"&4J"2F'9Z8e0
--)$BiDcT38%-J8(*[DQ9MG!"2F'9Z8e0-)$BiDcT38%0"FfdJ8'&ZC@`!6h"PEP0
-66#!f1'Xk8Q9k)%0[EA"TE'9b!%aTBP066#"38%-k4'9LG@GRCA)J8R9ZG'PYC3"
--D@*68d`J8&"$1P0[GA*MC5"8FQ9PF`"-D@*68d`J8&"$1N0eFh4[E5",CAPhEh*
-NF`"-D@*68d`J8&"$1N&MBf9cFb"3BA4SF`"-D@*68d`J8&"$1P4KFQGPG#"6CA4
-dD@jRF`"-D@*68d`J8&"$1NCTE'8J6@&`F'PZCh-!6'PL8e0-)&"33cT#G@PXC#"
-&H(4bBA-!6'PL8e0-)&"33cT%C@*eCfGPFL"8BA*RCA3!6'PL8e0-)&"33cSf1%X
-J3fpNC8GPEJ"-D@*68d`J8&"$1MBi5b"%DA0KFh0PE@*XCA)!6'PL8e0-)&"33cS
-f1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J8&"$1MBi5b"-D@jVCA)!6'PL8e0
--)&"33cSf1%XJ8(*[DQ9MG!"-D@*68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%aTBP0
-66#"38%-k3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)&"33cT$4Ndf1%X!6'PL8e0-)&"
-33cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J8&"$1P"33b"$Ef4P4f9Z!%aTBP0
-66#"38%-k8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J8&"$1P"33b"(E'pLB@`J6h"
-dD@eTHQ9b!%aTBP066#"38%-k8&"$)%aTEQYPFJ"-D@*68d`J8&"$1P"33b"348B
-!6'PL8e0-)&"33cT38%-J8(*[DQ9MG!"-D@*68d`J8&"$1P"33d&cE5"3B@jPE!"
--D@*68d`J8&"$1P*PHL"$Efe`D@aPFJ"-D@*$FRP`G'mJ8&"$1N4PBR9RCf9b)&*
-eER4TE@8!6'PL3h*jF(4[)&"33cT6Eh9bBf8J9(*PCA-!6'PL3h*jF(4[)&"33cT
-$GA0dEfdJ5f9jGfpbC(-!6'PL3h*jF(4[)&"33cT"Bf0PFh-J8'&dD(-!6'PL3h*
-jF(4[)&"33cT8BA*RCA3J8f9dG'PZCh-!6'PL3h*jF(4[)&"33cT'D@aP)%eKF("
-TEQGc!%aTBN0bHA"dEb"38%-k3R9TE'3J4AKdFQ&c!%aTBN0bHA"dEb"38%-k4'9
-LG@GRCA)J9'&bCf9d!%aTBN0bHA"dEb"38%-k0MK,)%0[C'9(C@i!6'PL3h*jF(4
-[)&"33cSf1%XJ4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb"38%-k0MK,)%GXEf*KE#"
-2F(4TE@PkCA)!6'PL3h*jF(4[)&"33cSf1%XJ6'PZDf9b!%aTBN0bHA"dEb"38%-
-k0MK,)&"bEfTPBh3!6'PL3h*jF(4[)&"33cT$,d-V+b"$Efe`D@aPFJ"-D@*$FRP
-`G'mJ8&"$1N-[3bXV)&GKFQjTEQGc!%aTBN0bHA"dEb"38%-k3dC00MK,!%aTBN0
-bHA"dEb"38%-k6@&M6e-J6@9bCf8J8'&ZC@`!6'PL3h*jF(4[)&"33cT38%-J3fp
-NC8GPEJ"-D@*$FRP`G'mJ8&"$1P"33b"%DA0KFh0PE@*XCA)!6'PL3h*jF(4[)&"
-33cT38%-J4fa[BQ&X)%p`G'PYDATPFJ"-D@*$FRP`G'mJ8&"$1P"33b"-D@jVCA)
-!6'PL3h*jF(4[)&"33cT38%-J8%9'!%aTBN0bHA"dEb"38%-k8&"$)&"bEfTPBh3
-!6'PL3h*jF(4[)&"33cT38%0"FfdJ8'&ZC@`!6'PL3h*jF(4[)&"33cT5CASJ3fp
-YF'PXCA)!6'PL3h*jF(4[)$Bi5cT%C@*eCfGPFL"5G@jdD@eP!%aTBN0bHA"dEb!
-f1%Xk8fpeFQ0P)&4bC@9c!%aTBN0bHA"dEb!f1%Xk3h9cG'pY)%YPHAG[FQ4c!%a
-TBN0bHA"dEb!f1%Xk3@0MCA0c)&"KG'Kc!%aTBN0bHA"dEb!f1%Xk9'&bCf9d)&0
-PG(4TEQGc!%aTBN0bHA"dEb!f1%Xk4QPXC5"0BA"`D@jRF`"-D@*$FRP`G'mJ0MK
-,1N*eD@aN)%9iG(*KF`"-D@*$FRP`G'mJ0MK,1N4PBR9RCf9b)&4KFQGPG!"-D@*
-$FRP`G'mJ0MK,1MBi5b"$Ef4P4f9Z!%aTBN0bHA"dEb!f1%Xk0MK,)%4TFf&cFf9
-YBQaPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"(E'pLB@`J6h"dD@eTHQ9b!%aTBN0bHA"
-dEb!f1%Xk0MK,)%aTEQYPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"3FQpUC@0d!%aTBN0
-bHA"dEb!f1%Xk3bp$+bXJ3fpYF'PXCA)!6'PL3h*jF(4[)$Bi5cT$,d-V+b"ABA*
-ZD@jRF`"-D@*$FRP`G'mJ0MK,1N0'66Bi5`"-D@*$FRP`G'mJ0MK,1NeKBdp6)%e
-PFQGP)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8&"$)%0[C'9(C@i!6'PL3h*jF(4[)$B
-i5cT38%-J4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb!f1%Xk8&"$)%GXEf*KE#"2F(4
-TE@PkCA)!6'PL3h*jF(4[)$Bi5cT38%-J6'PZDf9b!%aTBN0bHA"dEb!f1%Xk8&"
-$)&"&4J"-D@*$FRP`G'mJ0MK,1P"33b"3FQpUC@0d!%aTBN0bHA"dEb!f1%Xk8&"
-$3A0Y)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8Q9k)%0[EA"TE'9b!&"bEfTPBh3J4QP
-XC5"-DA0d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!3!!!!!!!!!H!!!!!J!!!!!!!!!i!!!!!`!!!!!!!!"9!!!!"!!!!!!!!!"[!!!
-!"3!!!!!!!!#-!!!!"J!!!!!!!!#R!!!!"`!!!!!!!!$"!!!!#!!!!!!!!!$H!!!
-!#3!!!!!!!!$h!!!!#J!!!!!!!!%9!!!!#`!!!!!!!!%h!!!!$!!!!!!!!!&2!!!
-!$3!!!!!!!!&S!!!!$J!!!!!!!!'%!!!!$`!!!!!!!!'J!!!!%!!!!!!!!!'d!!!
-!%3!!!!!!!!(6!!!!%J!!!!!!!!(X!!!!%`!!!!!!!!)+!!!!&!!!!!!!!!)X!!!
-!&3!!!!!!!!*%!!!!&J!!!!!!!!*C!!!!&`!!!!!!!!*b!!!!'!!!!!!!!!+-!!!
-!'3!!!!!!!!+Q!!!!'J!!!!!!!!,$!!!!'`!!!!!!!!,F!!!!(!!!!!!!!!,i!!!
-!(3!!!!!!!!-4!!!!(J!!!!!!!!-Y!!!!(`!!!!!!!!0(!!!!)!!!!!!!!!0J!!!
-!)3!!!!!!!!0m!!!!)J!!!!!!!!18!!!!)`!!!!!!!!1a!!!!*!!!!!!!!!25!!!
-!*3!!!!!!!!2T!!!!*J!!!!!!!!3"!!!!*`!!!!!!!!3F!!!!+!!!!!!!!!3h!!!
-!+3!!!!!!!!4+!!!!+J!!!!!!!!4S!!!!+`!!!!!!!!5!!!!!,!!!!!!!!!5G!!!
-!,3!!!!!!!!5q!!!!,J!!!!!!!!69!!!!,`!!!!!!!!6T!!!!-!!!!!!!!!8"!!!
-!-3!!!!!!!!8D!!!!-J!!!!!!!!8c!!!!-`!!!!!!!!94!!!!0!!!!!!!!!9V!!!
-!03!!!!!!!!@)!!!!0J!!!!!!!!@L!!!!0`!!!!!!!!@r!!!!1!!!!!!!!!AD!!!
-!13!!!!!!!!Ad!!!!1J!!!!!!!!B4!!!!1`!!!!!!!!BU!!!!2!!!!!!!!!C)!!!
-!23!!!!!!!!CU!!!!2J!!!!!!!!D#!!!!2`!!!!!!!!DE!!!!3!!!!!!!!!Dh!!!
-!33!!!!!!!!E6!!!!3J!!!!!!!!ER!!!!3`!!!!!!!!F'!!!!4!!!!!!!!!FI!!!
-!43!!!!!!!!Fp!!!!4J!!!!!!!!GI!!!!4`!!!!!!!!Gh!!!!5!!!!!!!!!H-!!!
-!53!!!!!!!!HP!!!!5J!!!!!!!!Hr!!!!5`!!!!!!!!IC!!!!6!!!!!!!!!Ie!!!
-!63!!!!!!!!J0!!!!6J!!!!!!!!JS!!!!6`!!!!!!!!K!!!!!8!!!!!!!!!KE!!!
-!83!!!!!!!!Kd!!!!8J!!!!!!!!L-!!!!8`!!!!!!!!LR!!!!9!!!!!!!!!Lq!!!
-!93!!!!!!!!MD!!!!9J!!!!!!!!Mk!!!!9`!!!!!!!!N3!!!!@!!!!!!!!!NR!!!
-!@3!!!!!!!!P"!!!!@J!!!!!!!!PE!!!!@`!!!!!!!!PY!!!!A!!!!!!!!!Q+!!!
-!A3!!!!!!!!QK!!!!AJ!!!!!!!!Qp!!!!A`!!!!!!!!RG!!!!B!!!!!!!!!Rc!!!
-!B3!!!!!!!!S'!!!!BJ!!!!!!!!SG!!!!B`!!!!!!!!Se!!!!C!!!!!!!!!T0!!!
-!C3!!!!!!!!TU!!!!CJ!!!!!!!!U$!!!!C`!!!!!!!!UI!!!!D!!!!!!!!!Ui!!!
-!D3!!!!!!!!V8!!!!DJ!!!!!!!!VZ!!!!D`!!!!!!!!X(!!!!E!!!!!!!!!XM!!!
-!E3!!!!!!!!Xl!!!!EJ!!!!!!!!YB!!!!E`!!!!!!!!Yj!!!!F!!!!!!!!!Z3!!!
-!!(%!!!!!!!!,U!!!!()!!!!!!!!,``!!!(-!!!!!!!!,hJ!!!(3!!!!!!!!,m3!
-!!(8!!!!!!!!-$`!!!(B!!!!!!!!-*`!!!(F!!!!!!!!-4!!!!(J!!!!!!!!-C3!
-!!(N!!!!!!!!-I!!!!(S!!!!!!!!-N!!!!!"l!!!!!!!!$+J!!!"m!!!!!!!!$-%
-!!!"p!!!!!!!!$0S!!!"q!!!!!!!!$2B!!!"r!!!!!!!!$3i!!!#!!!!!!!!!$5N
-!!!#"!!!!!!!!$8%!!!##!!!!!!!!$9`!!!#$!!!!!!!!$A8!!!#%!!!!!!!!$Bd
-!!!#&!!!!!!!!$DJ!!!#'!!!!!!!!$Em!!!#(!!!!!!!!$GX!!!#)!!!!!!!!$IX
-!!!#*!!!!!!!!$K%!!!#+!!!!!!!!$LJ!!!#,!!!!!!!!$N)!!!#-!!!!!!!!$P`
-!!!#0!!!!!!!!$Qi!!!#1!!!!!!!!$SX!!!#2!!!!!!!!$U)!!!#3!!!!!!!!!!k
-q!!!!N3!!!!!!!!lH!!!!NJ!!!!!!!!ld!!!!N`!!!!!!!!m(!!!!P!!!!!!!!!m
-H!!!!P3!!!!!!!!mf!!!!PJ!!!!!!!!p1!!!!P`!!!!!!!!pY!!!!Q!!!!!!!!!q
-)!!!!Q3!!!!!!!!qQ!!!!QJ!!!!!!!!r"!!!!Q`!!!!!!!!rI!!!!R!!!!!!!!!r
-l!!!!R3!!!!!!!"!@!!!!RJ!!!!!!!"!d!!!!R`!!!!!!!""1!!!!S!!!!!!!!""
-Y!!!!S3!!!!!!!"#3!!!!!+)!!!!!!!!3U3!!!+-!!!!!!!!3``!!!+3!!!!!!!!
-3i!!!!+8!!!!!!!!3r3!!!+B!!!!!!!!4%J!!!+F!!!!!!!!4-J!!!+J!!!!!!!!
-46!!!!+N!!!!!!!!4D`!!!+S!!!!!!!!4MJ!!!+X!!!!!!!!4T`!!!+`!!!!!!!!
-4[3!!!+d!!!!!!!!4e`!!!+i!!!!!!!!4mJ!!!+m!!!!!!!!5$3!!!,!!!!!!!!!
-5,!!!!,%!!!!!!!!54`!!!,)!!!!!!!!5C3!!!,-!!!!!!!!5J!!!!,3!!!!!!!!
-5RJ!!!,8!!!!!!!!5ZJ!!!,B!!!!!!!!5e3!!!,F!!!!!!!!5m`!!!,J!!!!!!!!
-6$3!!!,N!!!!!!!!6,!!!!,S!!!!!!!!66`!!!,X!!!!!!!!6D!!!!,`!!!!!!!!
-6JJ!!!,d!!!!!!!!6R`!!!,i!!!!!!!!6[!!!!,m!!!!!!!!6d3!!!-!!!!!!!!!
-6m3!!!-%!!!!!!!!8#`!!!-)!!!!!!!!8+J!!!--!!!!!!!!863!!!-3!!!!!!!!
-8CJ!!!-8!!!!!!!!8I!!!!-B!!!!!!!!8PJ!!!-F!!!!!!!!8X3!!!-J!!!!!!!!
-8c!!!!-N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!1J!!!$X!!!!m!!!!23!!!$i!!!!e!!!!1!!!!$m!!!"!!!!!33!!!$3!!!!b!!!
-!13!!!$F!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!!c!!!
-!0J!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!!`!!!!B!!!!0!!!!$J!!!!m!!!!#!!!
-!!!!!!!F!!!!&!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!
-!!3!!!!3!!!#h!!!!Z!!!!,N!!!#k!!!!Z`!!!,)!!!#e!!!![!!!!,d!!!#q!!!
-!X3!!!+m!!!#f!!!!Y!!!!,m!!!$!!!!!`3!!!-)!!!$$!!!!a!!!!-8!!!$'!!!
-!a`!!!,!!!!#c!!!!RJ!!!*m!!!#J!!!!S3!!!+)!!!#C!!!!R!!!!+-!!!#N!!!
-!T3!!!*J!!!#@!!!!R3!!!*X!!!#Q!!!!T`!!!+J!!!#T!!!!UJ!!!+X!!!#X!!!
-!V3!!!+i!!!#A!!!!QJ!!!&-!!!"8!!!!93!!!&B!!!"A!!!!6J!!!&%!!!"B!!!
-!@3!!!&S!!!"0!!!!5`!!!&)!!!"3!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!
-!B3!!!')!!!"M!!!!6!!!!%m!!!#&!!!!KJ!!!)F!!!#)!!!!L3!!!)!!!!#$!!!
-!LJ!!!)X!!!#-!!!!I`!!!(d!!!#%!!!!JJ!!!)d!!!#1!!!!M`!!!*!!!!!!N3!
-!!*)!!!#6!!!!P!!!!*8!!!"q!!!!J3!!!'`!!!"Y!!!!EJ!!!'m!!!"`!!!!C`!
-!!'S!!!"a!!!!FJ!!!(-!!!"Q!!!!C!!!!'X!!!"T!!!!G!!!!(8!!!"f!!!!G`!
-!!(J!!!"j!!!!HJ!!!(X!!!"m!!!!C3!!!'J!!!!K!!!!)J!!!#-!!!!N!!!!*3!
-!!"`!!!!I!!!!*J!!!#F!!!!S!!!!'`!!!"N!!!!J!!!!(J!!!#N!!!!U!!!!+`!
-!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!"S!!!!G!!!!b!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!690-)%-Z8&"$,NaTBJ"*ER4
-PFQCKBf9-D@)!6@&dD%aTBJ"08d`J8R9ZG'PYC9"33bj-D@)!6h"PEP4`G%PZCA4
-38%-ZE`"2F'9Z9("d5@jdCA*ZCA4-D@)!6h"PEP4bB@jcF'pbG%9iG'j38%-ZE`"
-2F'9Z9(*KER0`Eh*d6'PL!&4SFQ9KC(0-D@)!BQP[Ah0cE#jM!(-b-epME'jd,Q-
-!Fc)cAfaTBLjM!(-b-epYCA4S,Q-!Fc)cAh"VG#jM!(-b-epcFRCb,Q-!Fc*IBfa
-ZG#jM!(-bAf9ZBbjM!(-bAfaTBLjM!(-bAfePG'JZB`"c-Pp`Dh3ZB`"c-PpcFRC
-b,Q-!Fc0IBQpdD#jM!(-cAf0XER3ZB`"c-epPEQ-ZB`"c-epXD@)ZB`"c-epYCA4
-S,Q-!Fc0IF'Yd,Q-!Fc0IFh*fFLjM!(0cE&pKE'Gc,Q-!Fh0XAf&cEM%ZB`"cFfa
-IBf9bG#jM!(0cE&pMDA"S,Q-!Fh0XAf9bFLjM!(0cE&pPFR)b,Q-!Fh0XAfaTBLj
-M!(0cE&pbFf%ZB`"cFfaIFf9cFbjM!(0cE&pcG'&d,Q-!Fh0XAh4iG#jM!(3aAf0
-XER3ZB`"d-9pPEQ-ZB`"d-9pXD@)ZB`"d-9pYCA4S,Q-!G$&IFh*fFLjM!'&cEM&
-ICA*b,Q-!BA0Z-9pXD@)ZB`"KFfiaAh"KFLjM!'&cEPp`B@0V,Q-!B9pLDA4cG()
-ZB`"KAf*YF#jM!'&IBQp[E#jM!'&IBRPdCA-ZB`"KAf3bD9pQF#jM!'&IC'PRCA0
-d,Q-!B9pNGA!ZB`"KAf9ZG@dZB`"KAfGPER4Y,Q-!B9pSC()ZB`"KAfNbC&pQF#j
-M!'&ID@jd,Q-!B9pYCA4S,Q-!B9p[BQTPBh3ZB`"KAfpMG'9d,Q-!B9p`FQPZG#j
-M!'&IFf9d,Q-!B9pcD@GZ,Q-!B9pdD@eP,Q-!B9pdHA"P,Q-!B9peG'0dE5jM!'&
-IGA4Q1#jM!'&IGQ9bD@Cj,Q-!B9pfDA-ZB`"N-QPIC'K`,Q-!C$*TAf4cBA!ZB`"
-N-QPIF()ZB`"N-QPIF(8ZB`"N-QPIFPp`FLjM!'3bD9pbAh"e,Q-!C$*TAh0IF()
-ZB`"N-QPIFep`G5jM!'9fF&pKFfia,Q-!CPpPER9Y,Q-!CPpTER3ZB`"QAh0dFQP
-ZCbjM!'NbC&pND(!ZB`"T-Q4IC(0KF#jM!'NbC&p`FLjM!'NbC&p`G5jM!'NbC&p
-bAh"b,Q-!D6*NAh*IF(8ZB`"T-Q4IFep`FLjM!'NbC&pcAh"e,Q-!ER0cCA%ZB`"
-ZAh"VCANZB`"`09p`BQ8ZB`"`09p`BQ9f-LjM!(!hAf4RFh3ZB`"`0epPEQ-ZB`"
-`0epPEQ0IBbjM!(!hAf9fF#jM!(!hAfPIFbjM!(!hAfaTBLjM!(!hAh*PBfP`,Q-
-!F$GIFfPREQ3ZB`"`0epcD@GZD5jM!(!hAh0IC5jM!(!iAh"VCANZB`"dAf0bE#j
-M!(4IF'YPH5jM!(4IFQ9a,Q-!G&pi06!j,Q-!H&pKE'G[FLjM!(KIBA4dFQPL,Q-
-!H&pMD@jQ,Q-!H&pMFQ`ZB`"iAf9iG'9Z,Q-!H&pTEQC[,Q-!H&pZB@eP,Q-!H&p
-`Df9j,Q-!H&p`G@*VCANZB`"iAh*PF5jM!(KIFfPR,Q-!H&pcF'YT,Q-!H&pfB@`
-ZB`"iAhJe-$NZB`"LCPpMCQ)f0#jM!'*QAf9MBLjM!'*QAf9ZBbjM!'*QAfpQBMB
-d,Q-!BQCIFfYPH5jM!'*TEepPFR)ZB`"LD@pIE'PL,Q-!BR0cAh0[BfXZB`"LEPp
-KC'3ZB`"LEPpKFfdZB`"LEPpLE'PZC#jM!'*ZAf4TGLjM!'*ZAf9bFLjM!'*ZAf9
-iF#jM!'*ZAf9iF$)ZB`"LEPpRBf3ZB`"LEPpXD@)ZB`"LEPpYEfjd,Q-!BQjIEA"
-T,Q-!BQjIEA9X,Q-!BQjIF(*TE@8ZB`"LEPp`FQPZG#jM!'*ZAh*KEQ3ZB`"LEPp
-bC@0`,Q-!BQjIFfKTCR3ZB`"LEPpcFA)ZB`"LEPphEh*N,Q-!BR9QCQ9b,Q-!BR9
-QAf9bFLjM!'0IBfCL0M3ZB`"MAf9MBLjM!'0IC@jM,Q-!Bep[CQ)f0#jM!'0IFfY
-PH5jM!'0[EA"IE'PL,Q-!BepbE'8ZB`"MAhTXD@)ZB`"MEfjQ,Q-!BfpZCPpPFR)
-ZB`"MBQ0IBfYcE5jM!'0LBepPEQ-ZB`"MCQ)f0'9NC5jM!'0QBMBdC@jM,Q-!BfC
-LAf9ZBbjM!'4PFepPEQ-ZB`"PBf)cAf9ZBbjM!'9MBPpPEQ-ZB`"PC'9IBf*ME9p
-PEQ-ZB`"PEQ0IFQ9KC#jM!'CMFRP`G#jM!'CMFRP`G&pL,Q-!EfCL0M4PC'8ZB`"
-[CQ)f0'9ZBbjM!'pQBPpPEQ-ZB`"`Bf*MAf9ZBbjM!(&eC&pMDh0Y,Q-!FQ&ZC&p
-VCANZB`"bC@&N-R"hC#jM!(*PB@4IF(GN,Q-!FR"MAf9ZBbjM!(0PG&pVCANZB`"
-cG()bDf9j,Q-!Fh9`F#jM!(KMBQ0IC@jM,Q-!C'KIBfKPBfXZB`"ND&pPFR)ZB`"
-ND&pRC@iZB`"ND&pVCANZB`"ND&pXD@)ZB`"NFf&IBA0Z-5jM!'4cB9pPFR)ZB`"
-NFf&ICf9Z,Q-!C(0KAfYPH5jM!'4cB9pXD@)ZB`"NFf&IFfPRELjM!'4cB9pfFQB
-ZB`"PFR)ZB`"PFR*IB@aX,Q-!CA*bAh"bELjM!'*TEepL0M3ZB`"LD@pIC@jM,Q-
-!BQP[AfeN,Q-!BQP[AfpV,Q-!BepKE'`ZB`"ND@GPFh3ZB`"PEQ0[C'8ZB`"PGR"
-IC@jM,Q-!CAC`Af9bFLjM!'9fF&pVCANZB`"PGR"IE'PL,Q-!CAC`Ah"LC5jM!'9
-fF&p`Df9j,Q-!C9pMBQ0I-f3ZB`"PAf0LBepLCLjM!'9IBf*MAf-ZB`"PAf0LBep
-N,Q-!C9pMBQ0ID5jM!'9IBf*MAh)b,Q-!C9pMBQ0IFM8ZB`"PAf0QBPmcC#jM!'9
-IBfCLAf*Q,Q-!C9pMCQ*IBbjM!'9IBfCLAf3ZB`"PAf0QBPpT,Q-!C9pMCQ*IFM)
-ZB`"PAf0QBPpb05jM!'9IC@0LAc0N,Q-!C9pPBf*IBQBZB`"PAf9MBPpM,Q-!C9p
-PBf*IC#jM!'9IC@0LAfNZB`"PAf9MBPpb-LjM!'9IC@0LAh)e,Q-!C9pZG@aX,Q-
-!C9p[CQ*I-f3ZB`"PAfpQBPpLCLjM!'9IEfCLAf-ZB`"PAfpQBPpN,Q-!C9p[CQ*
-ID5jM!'9IEfCLAh)b,Q-!C9p[CQ*IFM8ZB`"PAh*M0#jM!'9IH'0LBepN,Q-!E9p
-NFh-ZB`"YAf4cFc%ZB`"YAfeN-LjM!'eIE@3e,Q-!E9pYC'-b,Q-!E9pZG@aX,Q-
-!E9pbDA"PE@3ZB`"YAh0SB5jM!'eIFfKK-5jM!'jKE@9c,Q-!F&pNC@-ZB`"`Af9
-ZBbjM!("IE'PL,Q-!F&p[F'9Z,Q-!F&pcC@&X,Q-!F&pcD@GZ,Q-!F&pfCA*TCRN
-ZB`"SE@&M,Q-!D9pMBQ-ZB`"TAf0QBMBd,Q-!D9pPBf)ZB`"TAfpQBMBd,Q-!D9p
-cDf9j,Q-!E'KKFfJZB`"XD&pcG'&dFbjM!'eN-PpNCh0d,Q-!E@3bAfpZC5jM!'e
-N09pNCh0d,Q-!E@3eAfpZC5jM!'eNBc*NCh0d,Q-!E@4M-Pp[EQ8ZB`"[BQTIC'&
-d,Q-!Ef*UAf9bFLjM!'pLDPpXD@)ZB`"[AfjKE@9c,Q-!F'9YAf&XE#jM!("PE9p
-PFR)ZB`"`C@eID@jQEbjM!("PE9pXD@)ZB`"`C@eIFf9KE#jM!("PE9pcD@GZ,Q-
-!F$%bAf&NC#jM!(!a-PpKG(4b,Q-!F$%bAf*KCh-ZB`"`-6*IBh*`G#jM!(!a-Pp
-MFR3ZB`"`-6*IC'9MFLjM!(!a-PpTEQPd,Q-!F$%bAfYPH5jM!(!a-PpVDA0c,Q-
-!F$%bAfaTBLjM!(!a-PpYB@-ZB`"`-6*IEA9dE#jM!(!a-PpcBQ&R,Q-!F$%bAh9
-dE#jM!("V-6*PFR)ZB`"`DcGIC'pTG#jM!("V0epXD@)ZB`"`Df0c0f9bFLjM!'e
-NAh*KEQ3ZB`"bB@jNCQPXC5jM!(*KEQ4IE'PL,Q-!FQ-bBfCL0M3ZB`"bBc*[CQ)
-f0#jM!(*M-PpMBQ-ZB`"bBc*IC@0L,Q-!FQ-bAh0VCANZB`"bBc4IC@jM,Q-!FQ-
-dAh0VCANZB`"bBc9MCQ)f0#jM!(*M0@pQBMBd,Q-!FQ-eAf9MBLjM!(*M09pPEQ-
-ZB`"bBc9IFfYPH5jM!(*YC&pNCh0d,Q-!FQeNAfpZC5jM!(*cB9pPBANZB`"bFf&
-ICA*b,Q-!FR0KAfGPELjM!(*cB9pXD@)ZB`"bFf&IEQpZC5jM!(*cB9p[B@9`,Q-
-!FR0KAh"V-5jM!(*cB9pcB@pc,Q-!FR0KAh0TCfiZB`"bFf&IFh0X,Q-!FfKK-@4
-RFh3ZB`"cD'%aAfpZC5jM!(0SB9pNCh0d,Q-!FfKKAfpZC5jM!(0dB@0V,Q-!G(K
-dAf4L,Q-!BRPIC'Pb,Q-!BRPICQPXC5jM!(Je-$PZB@eP,Q-!H$8`1A*cCA3ZB`"
-i06!jG(P`C5jM!(Je-$PIBfe`,Q-!H$8`19pN-LjM!(Je-$PIC'9Q,Q-!H$8`19p
-PFR)ZB`"i06!jAf9iG#jM!(Je-$PIE(8ZB`"i06!jAfpLDLjM!(Je-$PIFM*i,Q-
-!H$8`19pbCA%ZB`"i06!jAh0PG#jM!(Je-$PIG(Kd,Q-!H$8`19pf-bjM!(Je-$P
-IGQCj,Q-!H&pKE'`ZB`"f-f9bFLjM!(BcAf&VCANZB`"f-epKE(3ZB`"f-epLBfp
-ZFbjM!(BcAf*TG(0d,Q-!GM0IBfpZCLjM!(BcAf0`Efac,Q-!GM0IBh*XC#jM!(B
-cAf9ZG@dZB`"f-epPH(4VG5jM!(BcAfGPEQiZB`"f-epTB68ZB`"f-epTER3ZB`"
-f-epXD@)ZB`"f-ep`Dh8ZB`"f-ep`FQiZB`"f-epcDf9j,Q-!GM0IFhKZCA3ZB`"
-f-epeG'`ZB`"MF(4ICA*b,Q-!Bh*jF(4XD@)ZB`"PH&pNBA4K,Q-!E@9Y,Q-!690
--)&0*6e9B,P"33bj-D@)!BQCIBR9QCLjM!(KIH$8`1@%ZB`"NFf&IEh0cE#jM!(J
-e-$PcF'YT,Q-!H$8`19pdFR-ZB`"f-ep`GA*`,Q-!GM0ID@jQEbjM!'*IF(*TER3
-ZB`"KAfeLFh4b,Q-!G&pcF'YT,Q-!G&pi06!jB5jM!(4IBQPdFh3ZB`"KAh0dFQj
-TC#jM!'*TEepMBLjM!'*cFepYC@dZB`"LFh0ICQ3ZB`"LFh0ICQPXC5jM!'*cFep
-ZG@aX,Q-!BQCIER9XE#jM!'*QAfjLD@mZB`"LFh0IBQP[,Q-!BPpNG@e`,Q-!C@j
-MAhGbDA3ZB`"`09pMFR"d,Q-!F$9IBh*`G$)ZB`"`-6*IER"KFbjM!("V0epKG(4
-b,Q-!F'XhAfeTE@8ZB`"`DcGIFfeTE@8ZB`"bFf&IBfKV,Q-!FR0KAfjeE'`ZB`"
-MGQ9bFfP[ELjM!%038h4bD@jR9A4TE(-ZBh"`!%9bFQpb5'&ZC'aTEQFZBh"`!%G
-PG%K89&"6,Q0`F!"0B@06Ef0VCA3ZBh"`!'ePE9pNBQFZB`"36&0dFQPZCdCeEQ0
-c8&"$,QaTBJ"LEPpMG(JZB`"bB@jNAf9bFLjM!&*KEQ4[E@PkCA)ZBh"`!(J!BA"
-`FbjM!'&`F&pbB@jN,Q-!BA0Z-A"KFR-ZB`"MB5jM!'0TF'KPFR-ZB`"MFQ`ZB`"
-MFQ`bF$FZB`"NCh0d,Q-!C'JZB`"NFf%ZB`"NFf&`BA*KE5jM!'9ZBbjM!'9bFR0
-dFLjM!'GPEQ4S,Q-!Cf9ZC(0K,Q-!Cf9ZFR0K,Q-!ER0PF5jM!'p`C@jcFf`ZB`"
-`Df0c-6)ZB`"`Df0c0bjM!("VBh-i,Q-!FQ9a,Q-!FR0K,Q-!Ff9cFepTC#jM!(0
-YD@eP,Q-!Fh"PC@3ZB`"cF'YKBbjM!(0IBf)ZB`"cAf0XD@9ZG#jM!(0IFf9bGQ9
-b,Q-!FepcEf0VCA3ZB`"fCA*TCRNZB`"fCA*cD@pZ,Q-!H$8`15jM!(0IG'PYC5j
-M!%G98dPI5@jTG#jMF(!!4e9659p$Eh*P,P"33bj-D@)!4e9659p08d`Z8&"$,Na
-TBJ"(990*Ae0*6e9B,P"33bj-D@)!1NaTBP066#j38%-Z6'PL!$T-D@*$FRP`G'm
-Z8&"$,NaTBJ"0B@028bjXD@)!690-)&*eER4TE@8f1%XZ6'PL!%p`C@j8F(4*EQ9
-d,Qm!6h"PEP4bB@jcF'pbG#j[!%p`C@j8FQ&ZFh"[FR4"F(!ZE`"08d`J8dP299J
-Z0MK,,NaTBJ"08d`J3bif1%XJ4Q%S0'PI1'3T,NaTBJ"0BA4S6'PL0MK,)%CK+$4
-TAcKN+5j-D@)!4QPbFh3J8f9RE@9ZG!"(990*Ad0[FQ8Z0MK,,NaTBJ"(990*Ade
-66#if1%XZ6'PL!%G98dPI8dP299JZ0MK,,NaTBJ!k6'PL3h*jF(4[,MBiDb"'B5J
-dD9miC#NZ6'PL!%aTBP066#if1%XJ4Q%S0'PI1'3T,NaTBJ"(CA4)9&438b"38%-
-!6h"PEP066#"38%-!4f9d5&488&-J0MK,!%aTBP066#!f1%X!6h"PEP066#!f1'X
-!6'PL8e0-)&"33`"-D@*$FRP`G'mJ8&"$!%aTBN0bHA"dEb!f1%X!1NGPG%K89&"
-6+&"33bN!6'PL)%PYF'pbG#"38%-!3Q&XE'p[EL")C@a`!%eA)%-[3bXV)&"33`"
-(B@eP3fpNC5"$EfjfCA*dCA)!4QaPH#"3FQ9`FQpMCA0cEh)!69FJ8'&cBf&X)&"
-33`"5CAS!8&"$3A0Y!%*TFfpZ)&"bCA"bEf0PFh0[FJ"B3dp'4L"*EA"[FR3J8&"
-$!&"&4L"*EA"[FR3J8&"$!$T2F'9Z8e0-!$T(CA4)9&438bJf1%XT!%aTBL"*EA"
-[FR3J0MK,!%e39b"*EA"[FR3J0MK,!%eA)%-[3bXV)$Bi5`"09b"3BA0MB@`J0MK
-,!&"&4L"*EA"[FR3J0MK,!$T-D@*68d`Z0MK,)%CK+$4TAcKN+5j-D@)!1Np`C@j
-68d`S0MKV+3"0B@028b"38%-J6'PZDf9b!%eKBdp6)$Bi5b"-D@jVCA)!8fpeFQ0
-P)&4bC@9c!%0eFh4[E5",CAPhEh*NF`""Bf0PFh-J8'&dD(-!9'&bCf9d)&0PG(4
-TEQGc!%CTE'8J6@&`F'PZCh-!3R9TE'3J4AKdFQ&c!%4PBR9RCf9b)&*eER4TE@8
-!4'9LG@GRCA)J9'&bCf9d!%-[3bXV)%0[EA"TE'9b!%-[3bXV)&GKFQjTEQGc!&"
-33b"$Ef4P4f9Z!&"33b"%DA0KFh0PE@*XCA)!8&"$)%GXEf*KE#"2F(4TE@PkCA)
-!8&"$)%aTEQYPFJ"38%-J8%9'!&"33b"3FQpUC@0d!&"33d&cE5"3B@jPE!"5CAS
-J3fpYF'PXCA)!0MK,)%0[C'9(C@i!0MK,)%4TFf&cFf9YBQaPFJ!f1%XJ4fa[BQ&
-X)%p`G'PYDATPFJ!f1%XJ6'PZDf9b!$Bi5b"3FQpUC@0d!%0'66Bi5`!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!!!$J!
-!!!)!!!!!!!!!'`!!!!-!!!!!!!!!)`!!!!3!!!!!!!!!0J!!!!8!!!!!!!!!4`!
-!!!B!!!!!!!!!@J!!!!F!!!!!!!!!F3!!!!J!!!!!!!!!JJ!!!!N!!!!!!!!!M3!
-!!!S!!!!!!!!!P`!!!!X!!!!!!!!!SJ!!!!`!!!!!!!!!V!!!!!d!!!!!!!!!Y`!
-!!!i!!!!!!!!!`3!!!!m!!!!!!!!!c!!!!"!!!!!!!!!!eJ!!!"%!!!!!!!!!h`!
-!!")!!!!!!!!!k!!!!"-!!!!!!!!!mJ!!!"3!!!!!!!!!q`!!!"8!!!!!!!!""3!
-!!"B!!!!!!!!"$`!!!"F!!!!!!!!"'3!!!"J!!!!!!!!")J!!!"N!!!!!!!!"+`!
-!!"S!!!!!!!!"03!!!"X!!!!!!!!"2J!!!"`!!!!!!!!"5!!!!"d!!!!!!!!"8`!
-!!"i!!!!!!!!"AJ!!!"m!!!!!!!!"D3!!!#!!!!!!!!!"G!!!!#%!!!!!!!!"IJ!
-!!#)!!!!!!!!"L3!!!#-!!!!!!!!"N`!!!#3!!!!!!!!"R3!!!#8!!!!!!!!"U!!
-!!#B!!!!!!!!"X`!!!#F!!!!!!!!"[3!!!#J!!!!!!!!"a`!!!#N!!!!!!!!"d!!
-!!#S!!!!!!!!"f3!!!#X!!!!!!!!"i`!!!#`!!!!!!!!"l3!!!#d!!!!!!!!"q!!
-!!#i!!!!!!!!#!`!!!#m!!!!!!!!#$J!!!$!!!!!!!!!#'3!!!$%!!!!!!!!#*!!
-!!$)!!!!!!!!#,!!!!$-!!!!!!!!#03!!!$3!!!!!!!!#2`!!!$8!!!!!!!!#5J!
-!!$B!!!!!!!!#93!!!$F!!!!!!!!#A3!!!$J!!!!!!!!#CJ!!!$N!!!!!!!!#F!!
-!!$S!!!!!!!!#H!!!!$X!!!!!!!!#J`!!!$`!!!!!!!!#L`!!!$d!!!!!!!!#P!!
-!!$i!!!!!!!!#R`!!!$m!!!!!!!!#U3!!!%!!!!!!!!!#X`!!!%%!!!!!!!!#Z`!
-!!%)!!!!!!!!#a!!!!%-!!!!!!!!#c3!!!%3!!!!!!!!#eJ!!!%8!!!!!!!!#i!!
-!!%B!!!!!!!!#k3!!!%F!!!!!!!!#p!!!!%J!!!!!!!!#r!!!!%N!!!!!!!!$"J!
-!!%S!!!!!!!!$%3!!!%X!!!!!!!!$'J!!!%`!!!!!!!!$)`!!!%d!!!!!!!!$,J!
-!!%i!!!!!!!!$13!!!%m!!!!!!!!$4!!!!&!!!!!!!!!$6`!!!&%!!!!!!!!$@J!
-!!&)!!!!!!!!$B`!!!&-!!!!!!!!$D`!!!&3!!!!!!!!$GJ!!!&8!!!!!!!!$J!!
-!!&B!!!!!!!!$L`!!!&F!!!!!!!!$P!!!!&J!!!!!!!!$R3!!!&N!!!!!!!!$U!!
-!!&S!!!!!!!!$X`!!!&X!!!!!!!!$[J!!!&`!!!!!!!!$b3!!!&d!!!!!!!!$d3!
-!!&i!!!!!!!!$fJ!!!&m!!!!!!!!$i`!!!'!!!!!!!!!$lJ!!!'%!!!!!!!!$q!!
-!!')!!!!!!!!%!3!!!'-!!!!!!!!%$!!!!'3!!!!!!!!%&3!!!'8!!!!!!!!%(J!
-!!'B!!!!!!!!%*`!!!'F!!!!!!!!%-J!!!'J!!!!!!!!%23!!!'N!!!!!!!!%5!!
-!!'S!!!!!!!!%83!!!'X!!!!!!!!%@`!!!'`!!!!!!!!%B`!!!'d!!!!!!!!%E!!
-!!'i!!!!!!!!%G!!!!'m!!!!!!!!%I3!!!(!!!!!!!!!%K`!!!(%!!!!!!!!%NJ!
-!!()!!!!!!!!%Q`!!!(-!!!!!!!!%S`!!!(3!!!!!!!!%V3!!!(8!!!!!!!!%YJ!
-!!(B!!!!!!!!%[`!!!(F!!!!!!!!%b!!!!(J!!!!!!!!%d`!!!(N!!!!!!!!%f`!
-!!(S!!!!!!!!%i`!!!(X!!!!!!!!%l!!!!(`!!!!!!!!%p!!!!(d!!!!!!!!%r3!
-!!(i!!!!!!!!&#!!!!(m!!!!!!!!&%3!!!)!!!!!!!!!&'J!!!)%!!!!!!!!&*3!
-!!))!!!!!!!!&,`!!!)-!!!!!!!!&13!!!)3!!!!!!!!&3`!!!)8!!!!!!!!&6J!
-!!)B!!!!!!!!&9`!!!)F!!!!!!!!&B!!!!)J!!!!!!!!&D`!!!)N!!!!!!!!&G!!
-!!)S!!!!!!!!&I3!!!)X!!!!!!!!&KJ!!!)`!!!!!!!!&N!!!!!#0!!!!!!!!"CN
-!!!#1!!!!!!!!"D)!!!#2!!!!!!!!"D`!!!#3!!!!!!!!!!@e!!!!N3!!!!!!!!@
-q!!!!NJ!!!!!!!!A*!!!!N`!!!!!!!!A8!!!!P!!!!!!!!!AH!!!!P3!!!!!!!!A
-S!!!!PJ!!!!!!!!Ac!!!!P`!!!!!!!!Am!!!!Q!!!!!!!!!B'!!!!Q3!!!!!!!!B
-2!!!!QJ!!!!!!!!BC!!!!Q`!!!!!!!!BM!!!!R!!!!!!!!!BV!!!!R3!!!!!!!!B
-c!!!!RJ!!!!!!!!Bp!!!!R`!!!!!!!!C'!!!!S!!!!!!!!!C4!!!!S3!!!!!!!!C
-C!!!!SJ!!!!!!!!CL!!!!S`!!!!!!!!CT!!!!T!!!!!!!!!Cd!!!!T3!!!!!!!!C
-r!!!!TJ!!!!!!!!D*!!!!T`!!!!!!!!D8!!!!U!!!!!!!!!DI!!!!U3!!!!!!!!D
-T!!!!UJ!!!!!!!!Dc!!!!U`!!!!!!!!Dq!!!!V!!!!!!!!!E)!!!!V3!!!!!!!!E
-A!!!!VJ!!!!!!!!EL!!!!V`!!!!!!!!EV!!!!X!!!!!!!!!Ef!!!!X3!!!!!!!!F
-"!!!!XJ!!!!!!!!F-!!!!X`!!!!!!!!F@!!!!Y!!!!!!!!!FK!!!!Y3!!!!!!!!F
-X!!!!YJ!!!!!!!!Fh!!!!Y`!!!!!!!!G#!!!!Z!!!!!!!!!G0!!!!Z3!!!!!!!!G
-A!!!!ZJ!!!!!!!!GK!!!!Z`!!!!!!!!GV!!!![!!!!!!!!!Gb!!!![3!!!!!!!!G
-p!!!![J!!!!!!!!H)!!!![`!!!!!!!!H4!!!!`!!!!!!!!!HD!!!!`3!!!!!!!!H
-M!!!!`J!!!!!!!!HX!!!!``!!!!!!!!Hh!!!!a!!!!!!!!!I"!!!!a3!!!!!!!!I
-,!!!!aJ!!!!!!!!I9!!!!a`!!!!!!!!II!!!!b!!!!!!!!!IU!!!!b3!!!!!!!!I
-d!!!!bJ!!!!!!!!Ik!!!!b`!!!!!!!!J%!!!!c!!!!!!!!!J1!!!!c3!!!!!!!!J
-B!!!!cJ!!!!!!!!JL!!!!c`!!!!!!!!JV!!!!d!!!!!!!!!Jd!!!!d3!!!!!!!!J
-m!!!!dJ!!!!!!!!K&!!!!d`!!!!!!!!K1!!!!e!!!!!!!!!KB!!!!e3!!!!!!!!K
-L!!!!eJ!!!!!!!!KX!!!!e`!!!!!!!!Kf!!!!f!!!!!!!!!L!!!!!f3!!!!!!!!L
-,!!!!fJ!!!!!!!!L@!!!!f`!!!!!!!!LK!!!!h!!!!!!!!!LV!!!!h3!!!!!!!!L
-e!!!!hJ!!!!!!!!Lr!!!!h`!!!!!!!!M+!!!!i!!!!!!!!!M9!!!!i3!!!!!!!!M
-J!!!!iJ!!!!!!!!MV!!!!i`!!!!!!!!Me!!!!j!!!!!!!!!Mr!!!!j3!!!!!!!!N
-*!!!!jJ!!!!!!!!N8!!!!j`!!!!!!!!NI!!!!k!!!!!!!!!NU!!!!k3!!!!!!!!N
-e!!!!kJ!!!!!!!!Nr!!!!k`!!!!!!!!P*!!!!l!!!!!!!!!P6!!!!l3!!!!!!!!P
-H!!!!lJ!!!!!!!!PT!!!!l`!!!!!!!!Pb!!!!m!!!!!!!!!Pp!!!!m3!!!!!!!!Q
-)!!!!mJ!!!!!!!!Q5!!!!m`!!!!!!!!QF!!!!p!!!!!!!!!QQ!!!!p3!!!!!!!!Q
-a!!!!pJ!!!!!!!!Qm!!!!p`!!!!!!!!R%!!!!q!!!!!!!!!R2!!!!q3!!!!!!!!R
-A!!!!qJ!!!!!!!!RJ!!!!q`!!!!!!!!RS!!!!r!!!!!!!!!R`!!!!r3!!!!!!!!R
-j!!!!rJ!!!!!!!!S#!!!!r`!!!!!!!!S0!!!"!!!!!!!!!!S9!!!"!3!!!!!!!!S
-H!!!"!J!!!!!!!!SQ!!!"!`!!!!!!!!SZ!!!""!!!!!!!!!Sf!!!""3!!!!!!!!S
-q!!!""J!!!!!!!!T(!!!""`!!!!!!!!T3!!!"#!!!!!!!!!TC!!!"#3!!!!!!!!T
-N!!!"#J!!!!!!!!TV!!!"#`!!!!!!!!Tc!!!"$!!!!!!!!!Tp!!!"$3!!!!!!!!U
-&!!!"$J!!!!!!!!U2!!!"$`!!!!!!!!UB!!!"%!!!!!!!!!UJ!!!"%3!!!!!!!!U
-V!!!"%J!!!!!!!!Uf!!!"%`!!!!!!!!V!!!!"&!!!!!!!!!V,!!!"&3!!!!!!!!V
-9!!!"&J!!!!!!!!VJ!!!"&`!!!!!!!!VV!!!"'!!!!!!!!!Ve!!!"'3!!!!!!!!V
-r!!!"'J!!!!!!!!X*!!!"'`!!!!!!!!X6!!!"(!!!!!!!!!XG!!!"(3!!!!!!!!X
-R!!!"(J!!!!!!!!Xb!!!"(`!!!!!!!!Xm!!!")!!!!!!!!!Y(!!!")3!!!!!!!!Y
-5!!!")J!!!!!!!!YF!!!")`!!!!!!!!YR!!!"*!!!!!!!!!Yb!!!"*3!!!!!!!!Y
-p!!!"*J!!!!!!!!Z(!!!"*`!!!!!!!!Z5!!!"+!!!!!!!!!ZG!!!"+3!!!!!!!!Z
-R!!!"+J!!!!!!!!Zb!!!"+`!!!!!!!!Zm!!!",!!!!!!!!!['!!!",3!!!!!!!![
-4!!!",J!!!!!!!![F!!!",`!!!!!!!![Q!!!"-!!!!!!!!![`!!!"-3!!!!!!!![
-l!!!"-J!!!!!!!!`&!!!"-`!!!!!!!!`3!!!"0!!!!!!!!!`D!!!"03!!!!!!!!`
-P!!!"0J!!!!!!!!``!!!"0`!!!!!!!!`l!!!"1!!!!!!!!!a'!!!"13!!!!!!!!a
-3!!!"1J!!!!!!!!aD!!!"1`!!!!!!!!aP!!!"2!!!!!!!!!a[!!!"23!!!!!!!!a
-k!!!"2J!!!!!!!!b&!!!"2`!!!!!!!!b3!!!!!8!!!!!!!!!-QJ!!!8%!!!!!!!!
--T!!!!8)!!!!!!!!-V`!!!8-!!!!!!!!-ZJ!!!83!!!!!!!!-a!!!!88!!!!!!!!
--cJ!!!8B!!!!!!!!-f!!!!8F!!!!!!!!-iJ!!!8J!!!!!!!!-l!!!!8N!!!!!!!!
--p`!!!8S!!!!!!!!0!J!!!8X!!!!!!!!0$!!!!8`!!!!!!!!0&`!!!8d!!!!!!!!
-0)J!!!8i!!!!!!!!0,!!!!8m!!!!!!!!00`!!!9!!!!!!!!!03J!!!9%!!!!!!!!
-063!!!9)!!!!!!!!09`!!!9-!!!!!!!!0A`!!!93!!!!!!!!0D!!!!98!!!!!!!!
-0F3!!!9B!!!!!!!!0H`!!!9F!!!!!!!!0KJ!!!9J!!!!!!!!0N3!!!9N!!!!!!!!
-0R!!!!9S!!!!!!!!0T`!!!9X!!!!!!!!0X3!!!9`!!!!!!!!0[!!!!9d!!!!!!!!
-0a`!!!9i!!!!!!!!0dJ!!!9m!!!!!!!!0h!!!!@!!!!!!!!!0j`!!!@%!!!!!!!!
-0mJ!!!@)!!!!!!!!0r3!!!@-!!!!!!!!1#!!!!@3!!!!!!!!1%`!!!@8!!!!!!!!
-1(3!!!@B!!!!!!!!1+!!!!@F!!!!!!!!1-!!!!@J!!!!!!!!11!!!!@N!!!!!!!!
-13J!!!@S!!!!!!!!15`!!!@X!!!!!!!!19J!!!@`!!!!!!!!1B3!!!@d!!!!!!!!
-1D`!!!@i!!!!!!!!1GJ!!!@m!!!!!!!!1J!!!!A!!!!!!!!!1LJ!!!A%!!!!!!!!
-1P3!!!A)!!!!!!!!1R`!!!A-!!!!!!!!1U!!!!A3!!!!!!!!1X3!!!A8!!!!!!!!
-1ZJ!!!AB!!!!!!!!1``!!!AF!!!!!!!!1c!!!!AJ!!!!!!!!1eJ!!!AN!!!!!!!!
-1i3!!!AS!!!!!!!!1kJ!!!AX!!!!!!!!1p!!!!A`!!!!!!!!1r`!!!Ad!!!!!!!!
-2#3!!!Ai!!!!!!!!2$`!!!Am!!!!!!!!2)3!!!B!!!!!!!!!2+`!!!B%!!!!!!!!
-203!!!B)!!!!!!!!23!!!!B-!!!!!!!!25`!!!B3!!!!!!!!29J!!!B8!!!!!!!!
-2B!!!!BB!!!!!!!!2DJ!!!BF!!!!!!!!2G!!!!BJ!!!!!!!!2IJ!!!BN!!!!!!!!
-2K`!!!BS!!!!!!!!2N3!!!BX!!!!!!!!2Q`!!!B`!!!!!!!!2TJ!!!Bd!!!!!!!!
-2V`!!!Bi!!!!!!!!2Z3!!!Bm!!!!!!!!2`J!!!C!!!!!!!!!!$md!!!'4!!!!!!!
-!$pJ!!!'5!!!!!!!!$q)!!!'6!!!!!!!!$q`!!!'8!!!!!!!!$rB!!!'9!!!!!!!
-!$rm!!!'@!!!!!!!!%!S!!!'A!!!!!!!!%"3!!!'B!!!!!!!!%"m!!!'C!!!!!!!
-!%#S!!!'D!!!!!!!!%$8!!!'E!!!!!!!!%%!!!!'F!!!!!!!!%%`!!!'G!!!!!!!
-!%&B!!!'H!!!!!!!!%'%!!!'I!!!!!!!!%'`!!!'J!!!!!!!!%(i!!!'K!!!!!!!
-!%*!!!!!"SJ!!!!!!!"#G!!!"S`!!!!!!!"#V!!!"T!!!!!!!!"#e!!!"T3!!!!!
-!!"$+!!!"TJ!!!!!!!"$6!!!"T`!!!!!!!"$H!!!"U!!!!!!!!"$Y!!!"U3!!!!!
-!!"$[!!!"UJ!!!!!!!"$f!!!"U`!!!!!!!"%"!!!"V!!!!!!!!"%-!!!"V3!!!!!
-!!"%4!!!"VJ!!!!!!!"%E!!!"V`!!!!!!!"%K!!!"X!!!!!!!!"%U!!!"X3!!!!!
-!!"%a!!!"XJ!!!!!!!"%f!!!"X`!!!!!!!"%m!!!"Y!!!!!!!!"&(!!!"Y3!!!!!
-!!"&0!!!"YJ!!!!!!!"&@!!!"Y`!!!!!!!"&H!!!"Z!!!!!!!!"&R!!!"Z3!!!!!
-!!"&`!!!"ZJ!!!!!!!"&h!!!"Z`!!!!!!!"'"!!!"[!!!!!!!!"'+!!!"[3!!!!!
-!!"'5!!!"[J!!!!!!!"'D!!!"[`!!!!!!!"'J!!!"`!!!!!!!!"'Q!!!"`3!!!!!
-!!"'`!!!"`J!!!!!!!"'i!!!"``!!!!!!!"(!!!!"a!!!!!!!!"()!!!"a3!!!!!
-!!"(2!!!"aJ!!!!!!!"(D!!!"a`!!!!!!!"(P!!!"b!!!!!!!!"(`!!!"b3!!!!!
-!!"(j!!!"bJ!!!!!!!")$!!!"b`!!!!!!!")+!!!"c!!!!!!!!")6!!!"c3!!!!!
-!!")K!!!"cJ!!!!!!!")c!!!"c`!!!!!!!"*%!!!"d!!!!!!!!"*A!!!"d3!!!!!
-!!"*R!!!"dJ!!!!!!!"*k!!!"d`!!!!!!!"+%!!!"e!!!!!!!!"+A!!!"e3!!!!!
-!!"+P!!!"eJ!!!!!!!"+e!!!"e`!!!!!!!",)!!!"f!!!!!!!!",D!!!"f3!!!!!
-!!",b!!!"fJ!!!!!!!"-,!!!"f`!!!!!!!"-C!!!"h!!!!!!!!"-V!!!"h3!!!!!
-!!"-m!!!"hJ!!!!!!!"02!!!"h`!!!!!!!"0X!!!"i!!!!!!!!"1&!!!"i3!!!!!
-!!"15!!!"iJ!!!!!!!"1H!!!"i`!!!!!!!"1V!!!"j!!!!!!!!"1f!!!"j3!!!!!
-!!"2#!!!"jJ!!!!!!!"20!!!"j`!!!!!!!"2E!!!"k!!!!!!!!"2T!!!"k3!!!!!
-!!"2i!!!"kJ!!!!!!!"3(!!!"k`!!!!!!!"38!!!"l!!!!!!!!"3K!!!"l3!!!!!
-!!"3d!!!"lJ!!!!!!!"4'!!!"l`!!!!!!!"48!!!"m!!!!!!!!"4B!!!"m3!!!!!
-!!"4I!!!"mJ!!!!!!!"4b!!!"m`!!!!!!!"5$!!!"p!!!!!!!!"55!!!"p3!!!!!
-!!"5E!!!"pJ!!!!!!!"5U!!!"p`!!!!!!!"5j!!!"q!!!!!!!!"6)!!!"q3!!!!!
-!!"69!!!"qJ!!!!!!!"6M!!!"q`!!!!!!!"6b!!!"r!!!!!!!!"8-!!!"r3!!!!!
-!!"8D!!!"rJ!!!!!!!"8V!!!"r`!!!!!!!"8m!!!#!!!!!!!!!"9*!!!#!3!!!!!
-!!"9C!!!#!J!!!!!!!"9Q!!!#!`!!!!!!!"9f!!!#"!!!!!!!!"@%!!!#"3!!!!!
-!!"@4!!!#"J!!!!!!!"@L!!!#"`!!!!!!!"@b!!!##!!!!!!!!"A"!!!##3!!!!!
-!!"A3!!!##J!!!!!!!"AF!!!##`!!!!!!!"AY!!!#$!!!!!!!!"B#!!!#$3!!!!!
-!!"B0!!!#$J!!!!!!!"B9!!!#$`!!!!!!!"BK!!!#%!!!!!!!!"BZ!!!#%3!!!!!
-!!"Bl!!!#%J!!!!!!!"C(!!!#%`!!!!!!!"CB!!!#&!!!!!!!!"CY!!!#&3!!!!!
-!!"Ci!!!#&J!!!!!!!"D%!!!#&`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$!!!!$!!!!!-
-!!!!-Y0ifDrrrqUS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!#&`!!!L!!!"D,!!!B!!!!!KF!!!!!!!!!!!!!!!!
-!!!!!9%9B9!!!!!)!!!(q!!!"r`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!
-#`NI`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!%!!!
-!"8!!!!B!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!%!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!#!!%k6@&M6e-
-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!%!!)
-!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr
-rrd!!!!8!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!4f9d5&488&-J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b"38%-J6'PZDf9b!!!
-!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMB`!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF(!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jRB`!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9b!!!
-!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#jX!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)!!!!
-!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BA-
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`BfJ
-V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
-!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#jb!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jj!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfpb!!!
-!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!C'pMG3!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!"!!!
-!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!3%!!3%!!!!!!!%"!!!
-"!3!"!!!"!!%!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!"G0B@028b"8EfpXBQp
-i)%4&3P9()$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!r2cmr39"36!!!!B"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!0!!%!!!!!!""I69G&8NY6Ah"bC@CTH#jS!!!!!!!!!!!!!!!!!!!!!!!
-"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$m
-r2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!"!!!!!!!
-!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!e(CA4)9&438bK38%-T!!!!!!!
-!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!!!!!
-!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P$9#F
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!3!
-!!!%#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!)!!!!#!J%!!!!
-!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!"!!!$!!!!!`)"!!!!!!!"!!%$!!!
-!!!!!!!!!!!!!"!!!!!!!!!!!!3!!"!!!!!3#!3!!!!!!!3!"!`!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!%!!!8!!!!&!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!'!!!!"J)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"3!!!!!!!!!!!3!!"`!
-!!!F#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!J!!!!)!J%!!!!
-!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!"!!!*!!!!#3)"!!!!!!!"!!%$!!!
-!!!!!!!!!!!!!"3!!!!!!!!!!!3!!#J!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!!X!!!!,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!-!!!!$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!$3!
-!!!d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!i!!!!1!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!2!!!!$`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%!!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!"%!!!!4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!5!!!!%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%`!
-!!"-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"3!!!!8!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!9!!!!&3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!&J!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!"F!!!!A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!B!!!!'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!'3!
-!!"N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"S!!!!D!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!E!!!!'`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(!!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!"d!!!!G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!H!!!!(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(`!
-!!"m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#!!!!!J!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!K!!!!)3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!)J!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!#-!!!!M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!N!!!!*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!*3!
-!!#8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#B!!!!Q!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!R!!!!*`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+!!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!#N!!!!T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!U!!!!+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+`!
-!!#X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#`!!!!X!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!Y!!!!,3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!,J!!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!#m!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!`!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!-3!
-!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$)!!!!b!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!c!!!!-`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0!!!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!$8!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!f!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0`!
-!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$J!!!!i!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!j!!!!13)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!1J!!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!$X!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!!m!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!23!
-!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$i!!!!q!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!r!!!!2`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3!!!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!%%!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"#!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3`!
-!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%3!!!"%!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"&!!!!43)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!4J!!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!%F!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!")!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!53!
-!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%S!!!"+!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!",!!!!5`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6!!!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!%d!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"1!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6`!
-!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&!!!!"3!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"4!!!!83)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!8J!!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!&-!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"8!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!93!
-!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&B!!!"@!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"A!!!!9`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@!!!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!&N!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"D!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@`!
-!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&`!!!"F!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"G!!!!A3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!AJ!!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!&m!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"J!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!B3!
-!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!')!!!"L!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"M!!!!B`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C!!!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!'8!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"Q!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C`!
-!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'J!!!"S!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"T!!!!D3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!DJ!!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!'X!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"X!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!E3!
-!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'i!!!"Z!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"[!!!!E`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F!!!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!(%!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"b!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F`!
-!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(3!!!"d!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"e!!!!G3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!GJ!!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!(F!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"i!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!H3!
-!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(S!!!"k!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"l!!!!H`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I!!!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!(d!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!"q!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I`!
-!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)!!!!#!!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#"!!!!J3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!JJ!!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!)-!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!#%!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!K3!
-!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)B!!!#'!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#(!!!!K`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L!!!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!)N!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!#+!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L`!
-!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)`!!!#-!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#0!!!!M3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!3!!MJ!!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!%!!)m!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!"!!#3!!!!!*!!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-4!!!!N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!NJ!!!*)#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*-!!!#6!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#8!!!!P!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!P3!!!*8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!*B!!!#@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-A!!!!P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!Q!!!!*J#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*N!!!#C!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#D!!!!QJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!Q`!!!*X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!*`!!!#F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-G!!!!R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!RJ!!!*i#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*m!!!#I!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#J!!!!S!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!S3!!!+%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!+)!!!#L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-M!!!!S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!T!!!!+3#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+8!!!#P!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#Q!!!!TJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!T`!!!+F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!+J!!!#S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-T!!!!U3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!UJ!!!+S#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+X!!!#V!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#X!!!!V!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!V3!!!+d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!+i!!!#Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-[!!!!V`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!X!!!!,!#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,%!!!#a!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#b!!!!XJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!X`!!!,-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!,3!!!#d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-e!!!!Y3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!YJ!!!,B#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,F!!!#h!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#i!!!!Z!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!Z3!!!,N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!,S!!!#k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
-l!!!!Z`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!![!!!!,`#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,d!!!#p!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#q!!!![J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!![`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!-!!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-"!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!`J!!!-)#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!--!!!$$!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$%!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!a3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!-B!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-(!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!b!!!!-J#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-N!!!$*!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$+!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!b`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!-`!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-0!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!cJ!!!-i#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-m!!!$2!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$3!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!d3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!0)!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-6!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!e!!!!03#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!08!!!$9!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$@!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!e`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!0J!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-C!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!fJ!!!0S#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!0X!!!$E!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$F!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!h3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!0i!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-I!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!i!!!!1!#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1%!!!$K!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$L!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!i`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!13!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-P!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!jJ!!!1B#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1F!!!$R!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$S!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!k3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!1S!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-V!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!l!!!!1`#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1d!!!$Y!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$Z!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!l`!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!2!!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-a!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!mJ!!!2)#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2-!!!$c!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$d!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!p3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!2B!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-h!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!q!!!!2J#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2N!!!$j!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$k!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!!q`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!2`!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
-p!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!rJ!!!2i#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2m!!!$r!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%!!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"!3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!3)!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-$!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!""!!!!33#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!38!!!%&!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%'!!!""J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!""`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!3J!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-*!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"#J!!!3S#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!3X!!!%,!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%-!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"$3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!3i!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-2!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"%!!!!4!#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4%!!!%4!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%5!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"%`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!43!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-9!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"&J!!!4B#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4F!!!%A!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%B!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"'3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!4S!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-E!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"(!!!!4`#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4d!!!%G!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%H!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"(`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!5!!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-K!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!")J!!!5)#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5-!!!%M!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%N!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"*3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!5B!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-R!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"+!!!!5J#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5N!!!%T!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%U!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"+`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!5`!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-Y!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!",J!!!5i#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5m!!!%[!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%`!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"-3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!6)!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-c!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"0!!!!63#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!68!!!%e!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%f!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"0`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!6J!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-j!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"1J!!!6S#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!6X!!!%l!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%m!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"23!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!6i!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
-r!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"3!!!!8!#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8%!!!&"!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&#!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"3`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!83!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-&!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"4J!!!8B#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8F!!!&(!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&)!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"53!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!8S!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-,!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"6!!!!8`#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8d!!!&0!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&1!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"6`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!9!!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-4!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"8J!!!9)#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9-!!!&6!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&8!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"93!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!9B!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-A!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"@!!!!9J#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9N!!!&C!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&D!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"@`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!9`!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-G!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"AJ!!!9i#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9m!!!&I!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&J!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"B3!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!@)!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-M!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"C!!!!@3#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@8!!!&P!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&Q!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"C`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!@J!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-T!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"DJ!!!@S#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@X!!!&V!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&X!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"E3!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!@i!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-[!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"F!!!!A!#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!A%!!!&a!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&b!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"F`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!A3!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-e!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"GJ!!!AB#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!AF!!!&h!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&i!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"H3!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!AS!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
-l!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"I!!!!A`#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Ad!!!&p!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&q!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"I`!!!Am#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!B!!!!'!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
-"!!!"J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"JJ!!!B)#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!B-!!!'$!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'%!!!"K!)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"K3!!!B8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!BB!!!''!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
-(!!!"K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"L!!!!BJ#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!BN!!!'*!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'+!!!"LJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!3!"L`!!!BX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!B`!!!'-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
-0!!!"M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"MJ!!!Bi#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Bm!!!'2!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'3!!!!!C!!!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!"!!'4!!!"N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!!3!"NJ!!!C)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
-!!C-!!!'6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'8!!!"P!)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"P3!!!C8#!3!!!!!!!3!
-"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!CB!!!'@!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!"!!'A!!!"P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!!3!"Q!!!!CJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
-!!CN!!!'C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'D!!!"QJ)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"Q`!!!CX#!3!!!!!!!3!
-"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!C`!!!'F!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!"!!'G!!!"R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!!3!"RJ!!!Ci#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
-!!Cm!!!'I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'J!!!"S!)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"S3!!!D%#!3!!!!!!!3!
-"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!D)!!!'L!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!"!!'M!!!"S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!!3!"T!!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
-!!D8!!!'P!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'Q!!!"TJ)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"T`!!!DF#!3!!!!!!!3!
-"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!DJ!!!'S!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`!
-!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!
-!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`!
-!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!U!!!!+`!
-!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!f!!!!0`!
-!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"#!!!!3`!
-!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"1!!!!6`!
-!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"D!!!!@`!
-!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"Q!!!!C`!
-!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"b!!!!F`!
-!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"q!!!!I`!
-!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#+!!!!L`!
-!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!!PJ!!!*F
-!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!!SJ!!!+-
-!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m
-!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X
-!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!!aJ!!!-F
-!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!!dJ!!!0-
-!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m
-!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X
-!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F
-!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"!J!!!3-
-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!"$J!!!3m
-!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!"'J!!!4X
-!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!"*J!!!5F
-!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!"-J!!!6-
-!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!"2J!!!6m
-!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!"5J!!!8X
-!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!"9J!!!9F
-!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!"BJ!!!@-
-!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m
-!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!A8!!!&f!!!"G`!!!AJ!!!&j!!!"HJ!!!AX
-!!!&m!!!"I3!!!Ai!!!&r!!!"J!!!!B%!!!'#!!!"J`!!!B3!!!'&!!!"KJ!!!BF
-!!!')!!!"L3!!!BS!!!',!!!"M!!!!Bd!!!'1!!!"M`!!!C!!!!!"N3!!!C)!!!'
-6!!!"P!!!!C8!!!'@!!!"P`!!!CJ!!!'C!!!"QJ!!!CX!!!'F!!!"R3!!!Ci!!!'
-I!!!"S!!!!D%!!!'L!!!"S`!!!D3!!!'P!!!"TJ!!!DF!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'S!!!"`!%!!!!"!!'
-S!3!"SJ%!!D-"!!'S!3!"S3%!!D!"!!!,!3!!$!%!!!S"!!!0!3!!$J%!!!m"!!!
-3!3!!%3%!!")"!!!6!3!!&!%!!"8"!!!@!3!!&`%!!"J"!!!C!3!!'J%!!"X"!!!
-F!3!!(3%!!"i"!!!I!3!!)!%!!#%"!!!L!3!!)`%!!#3"!!!P!3!!*J%!!#F"!!!
-S!3!!+3%!!#S"!!!V!3!!,!%!!#d"!!!Z!3!!,`%!!$!"!!!a!3!!-J%!!$-"!!!
-d!3!!03%!!$B"!!!h!3!!1!%!!$N"!!!k!3!!1`%!!$`"!!!p!3!!2J%!!$m"!!"
-!!3!!33%!!%)"!!"$!3!!4!%!!%8"!!"'!3!!4`%!!%J"!!"*!3!!5J%!!%X"!!"
--!3!!63%!!%i"!!"2!3!!8!%!!&%"!!"5!3!!8`%!!&3"!!"9!3!!9J%!!&F"!!"
-B!3!!@3%!!&S"!!"E!3!!A!%!!&d"!!"H!3!!A`%!!'!"!!"K!3!!BJ%!!'-"!!"
-N!3!!C3%!!'B"!!"R!3!!D!%!!'N"!!"U!3!!D`%!!'`"!!"Y!3!!EJ%!!'m"!!"
-`!3!!F3%!!()"!!"c!3!!G!%!!(8"!!"f!3!!G`%!!(J"!!"j!3!!HJ%!!(X"!!"
-m!3!!I3%!!(i"!!"r!3!!J!%!!)%"!!##!3!!J`%!!)3"!!#&!3!!KJ%!!)F"!!#
-)!3!!L3%!!)S"!!#,!3!!M!%!!)d"!!#1!3!!M`%!!*!!!3!"TJ%!!*%"!!#5!3!
-!N`%!!*3"!!#9!3!!PJ%!!*F"!!#B!3!!Q3%!!*S"!!#E!3!!R!%!!*d"!!#H!3!
-!R`%!!+!"!!#K!3!!SJ%!!+-"!!#N!3!!T3%!!+B"!!#R!3!!U!%!!+N"!!#U!3!
-!U`%!!+`"!!#Y!3!!VJ%!!+m"!!#`!3!!X3%!!,)"!!#c!3!!Y!%!!,8"!!#f!3!
-!Y`%!!,J"!!#j!3!!ZJ%!!,X"!!#m!3!![3%!!,i"!!#r!3!!`!%!!-%"!!$#!3!
-!``%!!-3"!!$&!3!!aJ%!!-F"!!$)!3!!b3%!!-S"!!$,!3!!c!%!!-d"!!$1!3!
-!c`%!!0!"!!$4!3!!dJ%!!0-"!!$8!3!!e3%!!0B"!!$A!3!!f!%!!0N"!!$D!3!
-!f`%!!0`"!!$G!3!!hJ%!!0m"!!$J!3!!i3%!!1)"!!$M!3!!j!%!!18"!!$Q!3!
-!j`%!!1J"!!$T!3!!kJ%!!1X"!!$X!3!!l3%!!1i"!!$[!3!!m!%!!2%"!!$b!3!
-!m`%!!23"!!$e!3!!pJ%!!2F"!!$i!3!!q3%!!2S"!!$l!3!!r!%!!2d"!!$q!3!
-!r`%!!3!"!!%"!3!"!J%!!3-"!!%%!3!""3%!!3B"!!%(!3!"#!%!!3N"!!%+!3!
-"#`%!!3`"!!%0!3!"$J%!!3m"!!%3!3!"%3%!!4)"!!%6!3!"&!%!!48"!!%@!3!
-"&`%!!4J"!!%C!3!"'J%!!4X"!!%F!3!"(3%!!4i"!!%I!3!")!%!!5%"!!%L!3!
-")`%!!53"!!%P!3!"*J%!!5F"!!%S!3!"+3%!!5S"!!%V!3!",!%!!5d"!!%Z!3!
-",`%!!6!"!!%a!3!"-J%!!6-"!!%d!3!"03%!!6B"!!'R!3!"0`%!!6J"!!%j!3!
-"1J%!!6X"!!%m!3!"23%!!6i"!!%r!3!"3!%!!8%"!!&#!3!"3`%!!83"!!&&!3!
-"4J%!!8F"!!&)!3!"53%!!8S"!!&,!3!"6!%!!8d"!!&1!3!"6`%!!9!"!!&4!3!
-"8J%!!9-"!!&8!3!"93%!!9B"!!&A!3!"@!%!!9N"!!&D!3!"@`%!!9`"!!&G!3!
-"AJ%!!9m"!!&J!3!"B3%!!@)"!!&M!3!"C!%!!@8"!!&Q!3!"C`%!!@J"!!&T!3!
-"DJ%!!@X"!!&X!3!"E3%!!@i"!!&[!3!"F!%!!A%"!!&b!3!"F`%!!A3"!!&e!3!
-"GJ%!!AF"!!&i!3!"H3%!!AS"!!&l!3!"I!%!!Ad"!!&q!3!"J!%!!B%"!!'#!3!
-"J`%!!B3"!!'&!3!"KJ%!!BF"!!')!3!"L3%!!BS"!!',!3!"M!%!!Bd"!!'1!3!
-"M`%!!C!!!3!"N3%!!C)"!!'6!3!"P!%!!C8"!!'@!3!"P`%!!CJ"!!'C!3!"QJ%
-!!CX"!!'F!3!"R3%!!Ci"!!'I!3!"T!%!!Am"!!!"!3!!"!%!!!-"!!!#!3!!#3%
-!!!8"!!!'!3!!"`%!!!J"!!'P!!!"U3!"!#J!!!!JrrrjT!!""!!!!!!!!!!!!!!
-!!!!!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1NKjF'9
-b3f&bC!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,
-#4r!!!J!!!!!!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!J!!!3!!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!
-&3!!!#!!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!3!!!2rrrrm!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dN
-kD@jME(9NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!
-"1MSk4e9656TXD@)k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrr
-r3!!!"3!#!!%k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!3!!!2rrrrp!!!!'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!"!!!!rrrrrd!!!!F!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6h"PEP066#"38%-!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@0
-28b"38%-J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!"J!!!!3A"`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!69"-4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%P
-YF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!"J!!!!8P053`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!9%9B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
-$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!9%9B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
-$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!9%9B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
-$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!9%9B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80
-[C'8J3fpZGQ9bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
-!!!!3!!!!9%9B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"
-3FQ9`FQpMCA0cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!9%9B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&
-cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
-!!!#!!!!!9%9B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
-$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!
-!!!#!!!!!9%9B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!9%9B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfi
-J8(*PF(*[Bf9cFfpb!!!!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!
-!!!!!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%P
-YF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!"J!!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%
-"!3%!!3%!!!!!!!%"!!!"!3!"!!!"!!%!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N
-!!"G0B@028b"8EfpXBQpi)%4&3P9()$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!r2cmr39"36!!!!B"B`!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!$mr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQP
-i,QJ!!!!!!!!!!!!!!!!"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!
-!"!!!!!!!!!!!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8e
-PFQGP)%peG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%
-!!3%!!3%"!!!"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!G2F'9
-Z8e0-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!
-!!&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!%r2cmr!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8
-R)#G%394"*b!R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!J!!!3!!!!%#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!)!!!)!!!!#!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!#!!!$!!!
-!!`)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"!!!!!!!!!!!!J!!"!!!!!3#!3!!!!!
-!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!8!!!!&!J%!!!!!!!%!!3-!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!'!!!!"J)"!!!!!!!"!!%$!!!!!!!!!!!!!!!
-!"3!!!!!!!!!!!J!!"`!!!!F#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!!J!!!!)!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!#!!!*!!!
-!#3)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"3!!!!!!!!!!!J!!#J!!!Am#!3!!!!!
-!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!X!!!'U!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!-!!!"U`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!J!!$3!!!D`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!!i!!!'Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!2!!!
-"VJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!%!!!!Dm#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"%!!!'`!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!5!!!"X3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!J!!%`!!!E)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!"3!!!'c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!9!!!
-"Y!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!&J!!!E8#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"F!!!'f!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!B!!!"Y`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!J!!'3!!!EJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!"S!!!'j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!E!!!
-"ZJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!(!!!!EX#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"d!!!'m!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!H!!!"[3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!J!!(`!!!Ei#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!#!!!!'r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!K!!!
-"`!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!)J!!!F%#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#-!!!(#!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!N!!!"``)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!J!!*3!!!F3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!#B!!!(&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!R!!!
-"aJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!+!!!!FF#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#N!!!()!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!U!!!"b3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!J!!+`!!!FS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!#`!!!(,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!Y!!!
-"c!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!,J!!!D8#!3!!!!!
-!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#m!!!(0!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!#!!!`!!!"cJ)"!!!!!!!"!!%$!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!J!!-3!!!Fm#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!)!!$)!!!(3!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!c!!!
-"d33"!!!!!!!!!!%$!!!!!!!!!!!!!!!!J3!!!!!!!!!!!J!!0!!!!G)%!3!!!!!
-!!!!"!`!!!!!!!!!!!!!!!)%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!
-!"3!!!!B!!!!(!!!!#!!!!!N!!!!Y!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!
-!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!
-!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!
-!+!!!!#N!!!!U!!!!+`!!!#`!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!!
-!3!)!!!!#!!!d!J!!(!)!!"d#!!!H!J!!(`)!!#!#!!!K!J!!)J)!!#-#!!!N!J!
-!*3)!!#B#!!!R!J!!+!)!!#N#!!!U!J!!+`)!!#`#!!!Y!J!!#`)!!!`#!!!0!J!
-!$J)!!!m#!!!3!J!!%3)!!")#!!!6!J!!&!)!!"8#!!!@!J!!&`)!!"J#!!!C!J!
-!'J)!!"X#!!!c!J!!0!)!!#m#!!!`!J!!-J)!!$%#!!!+!J!!!3)!!!3#!!!$!J!
-!!J)!!!N#!!!&!J!!"J)!!!F#!!!)!J!!,J!!!DN!!3!S!J!!%`)!!"3#!!!9!J!
-!&J)!!"F#!!!B!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!
-!!!!!!3!#`NI`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%
-!!J!%!!!!"8!!!!B!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!%!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!#!!%
-k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp
-!!!!%!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-"!!!!rrrrrd!!!!8!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!4f9d5&488&-J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%XJ6'P
-ZDf9b!!!!!!!!!!!!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"
-`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"
--4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!6d*
-+)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!f1%X
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P0
-53`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9
-bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9
-B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0
-cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
-B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
-B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9
-cFfpb!!!!!!!!!!!!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0
-bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4
-eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!!
-!!#jbFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!
-!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3%"!!!!!3%"!!!"!3%!!!!
-!!!%"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!!e(CA4)9&4
-38bJf1%XT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!r2cmr39"36!!!!J"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!0!!%!!!!!!""I69G&8NY6Ah"bC@CTH#jS!!!!!!!!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0
-dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!
-"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!K(CA4)9&438`!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cm
-r!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!
-R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!`!!!3!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!)!!!!
-,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!$!!!!$!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!"!!!!!d#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!!8!!!!1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!'!!!!$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!"`!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!J!!!!
-4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!*!!!!%J)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!#J!!!"-#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!!X!!!!8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!-!!!!&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!$3!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!i!!!!
-A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!2!!!!'!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!%!!!!"N#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!"%!!!!D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!5!!!!'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!%`!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"3!!!!
-G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!9!!!!(J)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!&J!!!"m#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!"F!!!!J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!B!!!!)3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!'3!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"S!!!!
-M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!E!!!!*!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!(!!!!#8#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!"d!!!!Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!H!!!!*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!(`!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#!!!!!
-T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!K!!!!+J)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!)J!!!#X#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!#-!!!!X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!N!!!!,3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!*3!!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#B!!!!
-[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!R!!!!-!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!+!!!!$%#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!#N!!!!b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!U!!!!-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!+`!!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#`!!!!
-e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!Y!!!!0J)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!,J!!!$F#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!#m!!!!i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!`!!!!13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!-3!!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$)!!!!
-l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!c!!!!2!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!0!!!!$d#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!$8!!!!q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!f!!!!2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!0`!!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$J!!!"
-"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!j!!!!3J)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!1J!!!%-#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!$X!!!"%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!!m!!!!43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!23!!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$i!!!"
-(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!r!!!!5!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!3!!!!%N#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!%%!!!"+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"#!!!!5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!3`!!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%3!!!"
-0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"&!!!!6J)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!4J!!!%m#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!%F!!!"3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!")!!!!83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!53!!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%S!!!"
-6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!",!!!!9!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!6!!!!&8#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!%d!!!"@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"1!!!!9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!6`!!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&!!!!"
-C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"4!!!!@J)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!8J!!!&X#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!&-!!!"F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"8!!!!A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!93!!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&B!!!"
-I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"A!!!!B!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!@!!!!'%#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!&N!!!"L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"D!!!!B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!@`!!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&`!!!"
-P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"G!!!!CJ)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!AJ!!!'F#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!&m!!!"S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"J!!!!D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!B3!!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!')!!!"
-V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"M!!!!E!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!C!!!!'d#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!'8!!!"Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"Q!!!!E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!C`!!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'J!!!"
-a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"T!!!!FJ)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!DJ!!!(-#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!'X!!!"d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"X!!!!G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!E3!!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'i!!!"
-h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"[!!!!H!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!F!!!!(N#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!(%!!!"k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"b!!!!H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!F`!!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(3!!!"
-p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"e!!!!IJ)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!GJ!!!(m#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!(F!!!#!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"i!!!!J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!H3!!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(S!!!#
-$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"l!!!!K!)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!I!!!!)8#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!(d!!!#'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!"q!!!!K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!I`!!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)!!!!#
-*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#"!!!!LJ)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!JJ!!!)X#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!-!!)-!!!#-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!$!!#%!!!!M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!!`!!K3!!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)B!!!#
-2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#(!!!!N!!#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)J!!!#4!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!$!!#*!!!!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!`!!LJ!!!*-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!-!!)X!!!#8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#-!!!
-!P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!M3!!!*B#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)i!!!#A!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!$!!#2!!!!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!!`!!N!!!!!#C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#4!!!!QJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!NJ!
-!!*X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*-!!!#F!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#8!!!!R3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!P3!!!*i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!*B!!!#I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#A!!!!S!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Q!!
-!!+%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*N!!!#L!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#D!!!!S`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Q`!!!+3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!*`!!!#P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#G!!!!TJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!RJ!
-!!+F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*m!!!#S!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#J!!!!U3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!S3!!!+S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!+)!!!#V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#M!!!!V!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!T!!
-!!+d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+8!!!#Z!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#Q!!!!V`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!T`!!!,!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!+J!!!#a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#T!!!!XJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!UJ!
-!!,-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+X!!!#d!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#X!!!!Y3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!V3!!!,B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!+i!!!#h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#[!!!!Z!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!X!!
-!!,N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,%!!!#k!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#b!!!!Z`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!X`!!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!,3!!!#p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#e!!!![J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!YJ!
-!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,F!!!$!!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#i!!!!`3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Z3!!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!,S!!!$$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!#l!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!![!!
-!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,d!!!$'!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#q!!!!a`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!![`!!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!-!!!!$*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$"!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!`J!
-!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!--!!!$-!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$%!!!!c3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!a3!!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!-B!!!$2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$(!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!b!!
-!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-N!!!$5!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$+!!!!d`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!b`!!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!-`!!!$9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$0!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!cJ!
-!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-m!!!$B!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$3!!!!f3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!d3!!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!0)!!!$E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$6!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!e!!
-!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!08!!!$H!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$@!!!!h`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!e`!!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!0J!!!$K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$C!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!fJ!
-!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0X!!!$N!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$F!!!!j3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!h3!!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!0i!!!$R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$I!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!i!!
-!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1%!!!$U!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$L!!!!k`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!i`!!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!13!!!$Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$P!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!jJ!
-!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1F!!!$`!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$S!!!!m3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!k3!!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!1S!!!$c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$V!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!l!!
-!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1d!!!$f!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$Z!!!!p`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!l`!!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!2!!!!$j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$a!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!mJ!
-!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2-!!!$m!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$d!!!!r3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!p3!!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!2B!!!$r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$h!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!q!!
-!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2N!!!%#!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$k!!!"!`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!!q`!!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!2`!!!%&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!$p!!!""J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!rJ!
-!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2m!!!%)!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%!!!!"#3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"!3!!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!3)!!!%,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%$!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!""!!
-!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!38!!!%1!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%'!!!"$`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!""`!!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!3J!!!%4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%*!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"#J!
-!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3X!!!%8!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%-!!!"&3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"$3!!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!3i!!!%A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%2!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"%!!
-!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4%!!!%D!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%5!!!"'`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"%`!!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!43!!!%G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%9!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"&J!
-!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4F!!!%J!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%B!!!")3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"'3!!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!4S!!!%M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%E!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"(!!
-!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4d!!!%Q!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%H!!!"*`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"(`!!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!5!!!!%T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%K!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!")J!
-!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5-!!!%X!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%N!!!",3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"*3!!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!5B!!!%[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%R!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"+!!
-!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5N!!!%b!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%U!!!"-`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"+`!!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!5`!!!%e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%Y!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!",J!
-!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5m!!!%i!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%`!!!"13)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"-3!!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!6)!!!%l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%c!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"0!!
-!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!68!!!%q!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%f!!!"2`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"0`!!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!6J!!!&"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%j!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"1J!
-!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6X!!!&%!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%m!!!"43)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"23!!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!6i!!!&(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!%r!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"3!!
-!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8%!!!&+!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&#!!!"5`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"3`!!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!83!!!&0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&&!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"4J!
-!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8F!!!&3!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&)!!!"83)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"53!!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!8S!!!&6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&,!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"6!!
-!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8d!!!&@!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&1!!!"9`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"6`!!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!9!!!!&C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&4!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"8J!
-!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9-!!!&F!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&8!!!"A3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"93!!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!9B!!!&I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&A!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"@!!
-!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9N!!!&L!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&D!!!"B`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"@`!!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!9`!!!&P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&G!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"AJ!
-!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9m!!!&S!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&J!!!"D3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"B3!!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!@)!!!&V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&M!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"C!!
-!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@8!!!&Z!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&Q!!!"E`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"C`!!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!@J!!!&a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&T!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"DJ!
-!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@X!!!&d!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&X!!!"G3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"E3!!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!@i!!!&h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&[!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"F!!
-!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!A%!!!&k!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&b!!!"H`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"F`!!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!A3!!!&p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&e!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"GJ!
-!!B!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!AF!!!'"!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&i!!!"JJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"H3!!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!AS!!!'%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!&l!!!"K3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"I!!
-!!BB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Ad!!!'(!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&q!!!"L!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"I`!!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!B!!!!'+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!$!!'"!!!"L`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"JJ!
-!!B`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!B-!!!'0!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'%!!!"MJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!!`!"K3!!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!-!!BB!!!'3!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!!`!"K`!!!C%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!BJ
-!!!'5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'*!!!"N`)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"LJ!!!C3#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!BX!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!$!!'-!!!"PJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!!`!"M3!!!CF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Bi
-!!!'B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'2!!!"Q3)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"N!!!!!'D!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'4!!!"Q`)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!`!"NJ!!!C`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!-!!C-!!!'G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'
-8!!!"RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"P3!!!Cm#!3!
-!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!CB!!!'J!J%!!!!!!!%!!3%
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'A!!!"S3)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!`!"Q!!!!D)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!-!!CN!!!'M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'
-D!!!"d`)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"Q`!!!G3#!3!
-!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!C`!!!(9!J%!!!!!!!%!!3-
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'G!!!"eJ)"!!!!!!!"!!%$!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!`!"RJ!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!-!!Cm!!!(A!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'
-J!!!"f!)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"S3!!!GN#!3!
-!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!D)!!!(D!J%!!!!!!!%!!3-
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'M!!!"TJ)"!!!!!!!"!!%"!!!!!!!!!!!
-!!!!!!3!!!!!!!!!!!`!"T!!!!DF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!-!!D8!!!'S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!
-'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!
-5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!
-H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!
-U!!!!+`!!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!
-f!!!!0`!!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"
-#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"
-1!!!!6`!!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"
-D!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"
-Q!!!!C`!!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"
-b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"
-q!!!!I`!!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#
-+!!!!L`!!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!
-!PJ!!!*F!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!
-!SJ!!!+-!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!
-!VJ!!!+m!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!
-!ZJ!!!,X!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!
-!aJ!!!-F!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!
-!dJ!!!0-!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!
-!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!
-!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!
-!pJ!!!2F!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!
-"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!
-"$J!!!3m!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!
-"'J!!!4X!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!
-"*J!!!5F!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!
-"-J!!!6-!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!
-"2J!!!6m!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!
-"5J!!!8X!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!
-"9J!!!9F!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!
-"BJ!!!@-!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!
-"EJ!!!@m!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!A8!!!&f!!!"G`!!!AJ!!!&j!!!
-"HJ!!!AX!!!&m!!!"I3!!!Ai!!!&r!!!"J!!!!B%!!!'#!!!"J`!!!B3!!!'&!!!
-"KJ!!!BF!!!')!!!"L3!!!BS!!!',!!!"M!!!!Bd!!!'1!!!"M`!!!C!!!!!"N3!
-!!C)!!!'6!!!"P!!!!C8!!!'@!!!"P`!!!CJ!!!'G!!!"SJ!!!D-!!!'N!!!"Q3!
-!!CS!!!'E!!!"R!!!!Ci!!!'I!!!"S!!!!D%!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'P!!!"`!-
-!!!!$!!'P!!!"f`!"!"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$!!'B!`!"Q3-
-!!D8$!!'A!`!"PJ-!!!)$!!!$!`!!!3-!!!3$!!!&!`!!"J-!!!F$!!!)!`!!#3-
-!!!S$!!!,!`!!$!-!!!d$!!!1!`!!$`-!!"!$!!!4!`!!%J-!!"-$!!!8!`!!&3-
-!!"B$!!!A!`!!'!-!!"N$!!!D!`!!'`-!!"`$!!!G!`!!(J-!!"m$!!!J!`!!)3-
-!!#)$!!!M!`!!*!-!!#8$!!!Q!`!!*`-!!#J$!!!T!`!!+J-!!#X$!!!X!`!!,3-
-!!#i$!!![!`!!-!-!!$%$!!!b!`!!-`-!!$3$!!!e!`!!0J-!!$F$!!!i!`!!13-
-!!$S$!!!l!`!!2!-!!$d$!!!q!`!!2`-!!%!$!!""!`!!3J-!!%-$!!"%!`!!43-
-!!%B$!!"(!`!!5!-!!%N$!!"+!`!!5`-!!%`$!!"0!`!!6J-!!%m$!!"3!`!!83-
-!!&)$!!"6!`!!9!-!!&8$!!"@!`!!9`-!!&J$!!"C!`!!@J-!!&X$!!"F!`!!A3-
-!!&i$!!"I!`!!B!-!!'%$!!"L!`!!B`-!!'3$!!"P!`!!CJ-!!'F$!!"S!`!!D3-
-!!'S$!!"V!`!!E!-!!'d$!!"Z!`!!E`-!!(!$!!"a!`!!FJ-!!(-$!!"d!`!!G3-
-!!(B$!!"h!`!!H!-!!(N$!!"k!`!!H`-!!(`$!!"p!`!!IJ-!!(m$!!#!!`!!J3-
-!!))$!!#$!`!!K!-!!)8$!!'M!`!!KJ-!!)F$!!#)!`!!L3-!!)S$!!#,!`!!M!-
-!!)d$!!#1!`!!M`-!!*!!!`!!N3-!!*)$!!#6!`!!P!-!!*8$!!#@!`!!P`-!!*J
-$!!#C!`!!QJ-!!*X$!!#F!`!!R3-!!*i$!!#I!`!!S!-!!+%$!!#L!`!!S`-!!+3
-$!!#P!`!!TJ-!!+F$!!#S!`!!U3-!!+S$!!#V!`!!V!-!!+d$!!#Z!`!!V`-!!,!
-$!!#a!`!!XJ-!!,-$!!#d!`!!Y3-!!,B$!!#h!`!!Z!-!!,N$!!#k!`!!Z`-!!,`
-$!!#p!`!![J-!!,m$!!$!!`!!`3-!!-)$!!$$!`!!a!-!!-8$!!$'!`!!a`-!!-J
-$!!$*!`!!bJ-!!-X$!!$-!`!!c3-!!-i$!!$2!`!!d!-!!0%$!!$5!`!!d`-!!03
-$!!$9!`!!eJ-!!0F$!!$B!`!!f3-!!0S$!!$E!`!!h!-!!0d$!!$H!`!!h`-!!1!
-$!!$K!`!!iJ-!!1-$!!$N!`!!j3-!!1B$!!$R!`!!k!-!!1N$!!$U!`!!k`-!!1`
-$!!$Y!`!!lJ-!!1m$!!$`!`!!m3-!!2)$!!$c!`!!p!-!!28$!!$f!`!!p`-!!2J
-$!!$j!`!!qJ-!!2X$!!$m!`!!r3-!!2i$!!$r!`!"!!-!!3%$!!%#!`!"!`-!!33
-$!!%&!`!""J-!!3F$!!%)!`!"#3-!!3S$!!%,!`!"$!-!!3d$!!%1!`!"$`-!!4!
-$!!%4!`!"%J-!!4-$!!%8!`!"&3-!!4B$!!%A!`!"'!-!!4N$!!%D!`!"'`-!!4`
-$!!%G!`!"(J-!!4m$!!%J!`!")3-!!5)$!!%M!`!"*!-!!58$!!%Q!`!"*`-!!5J
-$!!%T!`!"+J-!!5X$!!%X!`!",3-!!D3$!!%Z!`!",`-!!6!$!!%a!`!"-J-!!6-
-$!!%d!`!"03-!!6B$!!%h!`!"1!-!!6N$!!%k!`!"1`-!!6`$!!%p!`!"2J-!!6m
-$!!&!!`!"33-!!8)$!!&$!`!"4!-!!88$!!&'!`!"4`-!!8J$!!&*!`!"5J-!!8X
-$!!&-!`!"63-!!8i$!!&2!`!"8!-!!9%$!!&5!`!"8`-!!93$!!&9!`!"9J-!!9F
-$!!&B!`!"@3-!!9S$!!&E!`!"A!-!!9d$!!&H!`!"A`-!!@!$!!&K!`!"BJ-!!@-
-$!!&N!`!"C3-!!@B$!!&R!`!"D!-!!@N$!!&U!`!"D`-!!@`$!!&Y!`!"EJ-!!@m
-$!!&`!`!"F3-!!A)$!!&c!`!"G!-!!A8$!!&f!`!"G`-!!AJ$!!&j!`!"HJ-!!AX
-$!!&m!`!"I3-!!Ai$!!&r!`!"J!-!!B%$!!'#!`!"J`-!!B3$!!'&!`!"KJ-!!BF
-$!!')!`!"L3-!!BS$!!',!`!"M!-!!Bd$!!'1!`!"M`-!!C!!!`!"N3-!!C)$!!'
-6!`!"P!-!!C8$!!'H!`!"S!-!!D%$!!'E!`!"SJ-!!CS$!!'F!`!"R3-!!Cm!!J!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!
-!!!!!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!
-!!3!!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!
-"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r
-rrrm!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9
-NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9
-656TXD@)k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!
-#!!%k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r
-rrrp!!!!'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!"!!!!rrrrrd!!!!F!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!6'PL8e0-)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%X
-J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
-!3A"`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!69"-4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!
-f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
-!6d*+)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!
-f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
-!8P053`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!9%9B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
-,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!9%9B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
-,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!9%9B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
-,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!9%9B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fp
-ZGQ9bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!
-!9%9B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQp
-MCA0cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!9%9B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$B
-i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!
-!9%9B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
-,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!
-!9%9B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!9%9B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*
-[Bf9cFfpb!!!!!!!!!!!!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
-!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!
-f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!
-!!!!!!#jbFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!"J!!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3%"!!!!!3%"!!!"!3%
-!!!!!!!%"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!aK-D@*
-68d`Z0MK,)%CK+$4TAcKN+5j-D@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!
-!!!!!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%p
-eG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%
-"!!!"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!K(CA4)9&438`!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%
-r2cmr!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394
-"*b!R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!"!!!!3!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!)
-!!!!,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!$!!!!$!)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!"!!!!!d#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!8!!!!1!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!%!!!'!!!!$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"!!!"`!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!J
-!!!!4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!*!!!!%J)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!#J!!!"-#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!X!!!!8!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!%!!!-!!!!&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"!!!$3!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!i
-!!!!A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!2!!!!'!)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!%!!!!"N#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"%!!!!D!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!%!!!5!!!!'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"!!!%`!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"3
-!!!!G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!9!!!!(J)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!&J!!!"m#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"F!!!!J!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!%!!!B!!!!)3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"!!!'3!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"S
-!!!!M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!E!!!!*!)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!(!!!!#8#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"d!!!!Q!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!%!!!H!!!!*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"!!!(`!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!#!
-!!!!T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!K!!!!+J)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!)J!!!#X#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!#-!!!!X!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!!!!B
-!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!!!")
-!!!!6!!!!&!!!!"8!!!!@!!!!&`!!!"J!!!!C!!!!'J!!!"X!!!!F!!!!(3!!!"i
-!!!!I!!!!)!!!!#%!!!!L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!M!!!!3!3!!!!
-%!!!M!!!"f`!"!"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!&"!!!"!3!!!-
-%!!!#"!!!"J3!!!X%!!!+"!!!#33!!!J%!!!("!!!$!3!!")%!!!4"!!!%!3!!!m
-%!!!0"!!!$J3!!"-%!!!L"!!!)33!!#!%!!!I"!!!)`3!!!%%!!!8"!!!&33!!"B
-%!!!A"!!!'!3!!"N%!!!D"!!!'`3!!"`%!!!G"!!!(J!#!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!!!!!!!!!!!!!,#0S!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!"!!!!!!8!!(rr!!!
-!!(rr!!!!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!%!!6S!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!-!!3!"1MS
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!
-!"!!"!!%k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!2rrrrp!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4P1J!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990*1QaTBMS!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!)!!6T0B@028b"6GA"
-`Eh*d1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!B!!J!"1Ne
-66$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!
-!"`!+!!"0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"2F'9Z8e0-)$BiD`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)$Bi5b"-D@jVCA)!!!!!!!!
-!!!!!!!!!!!!!!#""8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!""F("X!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
--D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08%a'!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"23NSJ!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08&FJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"36'pL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"58e*$!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-#B@aXEfpZ)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0M!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`F!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,QGM!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$EfjfCA*dCA)!!!!!!!!
-!!!!!!!!!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"849K8,Q`!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0PFh0[FJ!!!!!!!!!
-!!!!!!!!!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"KF`!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"MD#XV!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
-!!!!!!!!!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R)!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!"849K8,R0PC`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,RN!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQpMCA0cEh)!!!!!!!!
-!!!!!!!!!!)!!!!"NEf0e!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"bFh*M!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"cG(9L!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!!!!!!!!,R*cFQ-!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!'!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!%!!!!!"3!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%
-"!!"YB@PZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%!!!%"!3!!!!!!!3%!!!%"!!%
-!!!%%!!!!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!$%p`C@j68d`S0MKV+3!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$m
-r2cp"8&"-!!!#!&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!d!!3!!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!!!!!!!!!!!!!%!!!!
-!!!!!!!%!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!!!!!!!!!!!!!!!!%
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9d!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&
-38%`!!3%!!!3J)#!J!jHI8!0fhhJ$"Di3!!8#!3!"!3!"!3%!!!%!!!!!!!!!!3%
-"!3!"!3!"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4
-KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!"dp`C@j68d`!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!r2cmr39"36!!!"!!!!!3!!!!!3!!!@-!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6mr2cm!!!!!!!!!!J!
-!!!)!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!8!!
-"!!%!!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%R)#G35808*`!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!"!!!"Z`)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!!J!!!E`#!3!!!!!!!3!
-"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!-!!!'p!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!&!!!%!!!"[J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!"3!!"3!!!Em#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
-!!!B!!!(!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!(!!!"`3)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!#!!!!F)#!3!!!!!!!3!
-"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!N!!!($!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!&!!!+!!!"a!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!"3!!#`!!!F8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
-!!!`!!!('!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!0!!!"a`)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!$J!!!FJ#!3!!!!!!!3!
-"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!m!!!(*!J%!!!!!!!%!!3%!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!&!!!3!!!"bJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!"3!!%3!!!FX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
-!!")!!!(-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!6!!!"c3)
-"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!&!!!!G`#!3!!!!!!!3!
-"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"8!!!(G!J%!!!!!!!%!!3-!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!&!!!@!!!"hJ)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!"3!!&`!!!G-#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
-!!"J!!!(D!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!C!!!"e3)
-"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!'J!!!GB#!3!!!!!!!3!
-"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"X!!!(A!J%!!!!!!!%!!3-!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!&!!!F!!!"e!)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!
-!!!!!!!!!"3!!(3!!!GJ#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
-!!"i!!!(C!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!I!!!"h`3
-"!!!!!!!!!!%$!!!!!!!!!!!!!!!!J3!!!!!!!!!!"3!!)!!!!H!#!3!!!!!!!3!
-"!`!!!!!!!!!!!!!!!)%!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!
-!!!B!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!
-!!")!!!!@!!!!'`!!!"J!!!!C!!!!'J!!!"`!!!!G!!!!&`!!!"-!!!!8!!!!&3!
-!!"i!!!!I!!!!)!!!!#!&!!!!"3!!)!!!!GX!!3!F!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!"3!!!38!!!)&!!!$"3!!"!8!!!8&!!!'"3!!"`8!!!J&!!!*"3!!#J8
-!!!X&!!!-"3!!$38!!!i&!!!2"3!!%!8!!"%&!!!5"3!!)!8!!"m&!!!6"3!!&!8
-!!"8&!!!@"3!!(38!!"i&!!!F"3!!'!8!!"F&!!!C"3!!'J8!!"X!!J!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!!!!!!!!!
-!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!3!!!!!
-&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!"!!%k!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm!!!!
-$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!
-!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9NC6S!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9656TXD@)
-k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!#!!%k6@&
-M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!
-'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!
-!rrrrrd!!!!F!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!6'PL8e0-)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b"38%-J6'PZDf9
-b!!!!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
-M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
-MB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
-MF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
-RB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9
-b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#j
-X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)
-!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
-`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j
-`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
-!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j
-b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
-j!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfp
-b!!!!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!C'pMG3!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#j
-NEf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!
-"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3%"!!!!!3%"!!!"!3%!!!!!!!%
-"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!aK-D@*68d`Z0MK
-,)%CK+$KTAc4N+5j-D@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!!!!!!!!!
-!!!!"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*
-d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!"!!!
-!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!`j-D@*68d`Z8&"$,NaTBJ!
-!!!!!!!!!!!!!!!!!!!!!2cmr2cmr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!
-!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P
-$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!
-!!3!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!)!!!!,!J%
-!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!$!!!!$!)"!!!!!!!"!!%
-"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!"!!!!!d#!3!!!!!!!3!"!3!!!!!!!!!
-!!!!!!!%!!!!!!!!!!!B!!!8!!!!1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
-!!!!!!!!'!!!'!!!!$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
-!"`!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!J!!!!4!J%
-!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!*!!!!%J)"!!!!!!!"!!%
-"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!#J!!!"-#!3!!!!!!!3!"!3!!!!!!!!!
-!!!!!!!%!!!!!!!!!!!B!!!X!!!!8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
-!!!!!!!!'!!!-!!!!&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
-!$3!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!i!!!!A!J%
-!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!2!!!!'!)"!!!!!!!"!!%
-"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!%!!!!"N#!3!!!!!!!3!"!3!!!!!!!!!
-!!!!!!!%!!!!!!!!!!!B!!"%!!!!D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
-!!!!!!!!'!!!5!!!!'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
-!%`!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"3!!!!G!J%
-!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!9!!!!(J)"!!!!!!!"!!%
-"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!&J!!!"m#!3!!!!!!!3!"!3!!!!!!!!!
-!!!!!!!%!!!!!!!!!!!B!!"F!!!!J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
-!!!!!!!!'!!!B!!!!)3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
-!'3!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"S!!!!M!J%
-!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!E!!!!*!)"!!!!!!!"!!%
-"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!(!!!!#8#!3!!!!!!!3!"!3!!!!!!!!!
-!!!!!!!%!!!!!!!!!!!B!!"d!!!!Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
-!!!!!!!!'!!!H!!!!*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
-!(`!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!#!!!!!T!J%
-!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!K!!!!+J)"!!!!!!!"!!%
-"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!)J!!!#X#!3!!!!!!!3!"!3!!!!!!!!!
-!!!!!!!%!!!!!!!!!!!B!!#-!!!!X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!!!!B!!!!(!!!
-!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!!!")!!!!6!!!
-!&!!!!"8!!!!@!!!!&`!!!"J!!!!C!!!!'J!!!"X!!!!F!!!!(3!!!"i!!!!I!!!
-!)!!!!#%!!!!L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!M!!!!3!B!!!!'!!!M"J!
-!"3B!!!3'!!!$"J!!!JB!!!B'!!!,"J!!#JB!!!N'!!!)"J!!"`B!!!`'!!!5"J!
-!%3B!!"!'!!!2"J!!$3B!!!i'!!!6"J!!)JB!!#%'!!!J"J!!(`B!!#-'!!!""J!
-!&!B!!"8'!!!@"J!!&`B!!"J'!!!C"J!!'JB!!"X'!!!F"J!!(3B!!"i!!!'T!!%
-!+!!!!!!$Pj@!!!!!!!!!Irm!!!%!!!"j`!!#!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!!!!!!!!!!!!!,#0S!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!"!!!!!!8!!(rr!!!!!(rr!!!
-!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!%!!6S!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!-!!3!"1MS!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!!"!!"!!%
-k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp
-!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990*1QaTBMS!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!)!!6T0B@028b"6GA"`Eh*d1J!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!B!!J!"1Ne66$S!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!!"`!+!!"
-0B@028b"38%-J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
--D@*$FRP`G'mJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!!!!!!
-!!!!!!"j"8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!""F("X!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e
-`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08%a'!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"58e*$!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#B@aXEfp
-Z)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0M!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`F!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,QGM!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$EfjfCA*dCA)!!!!!!!!!!!!!!!!
-!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"849K8,Q`!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0PFh0[FJ!!!!!!!!!!!!!!!!!
-!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0
-MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"KF`!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"MD#XV!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
-!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0
-MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R)!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"849K8,R-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"38%0"Ffd
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,RN!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQpMCA0cEh)!!!!!!!!!!!!!!!!
-!!)!!!!"B3dp'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"B3dp'4L"
-*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!"NEf0e!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!'!!!!"bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e
-`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!&!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!%!!!!!"3!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%"!!"YB@P
-Z!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%"!3!"!3!!!!!!!3%!!!%"!!%!!!%!!3!
-!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!&deKBdp6)&4[EfaLEhJJ4%9#98FJ0MK
-,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"
--!!!"J&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!3!
-!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!!!!!!!!!!!!!%!!!%!!!!!!!%
-!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9d!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!3%
-!!!3J)#!J!jHI8!0fhhJ$"Di3!!8#!3!"!3!"!3%!!!%!!!!!!!!!!3%"!3!"!3!
-"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!"3!$%8aTBN0bHA"dEbj38%-Z6'PL!!!!!!!!!!!!!!!
-!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6mr2cm!!!!!!!!!!J!!!!)!!J!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!8!!"!!%!!3!
-"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%R)#G35808*`!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(!!!"!!!!,3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!!J!!!#i#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!!-!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!%!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!"3!!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!B!!!!
-b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!(!!!!-`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!#!!!!$3#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!!N!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!+!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!#`!!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!`!!!!
-i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!0!!!!13)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!$J!!!$S#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!!m!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!3!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!%3!!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!")!!!!
-q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!6!!!!2`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!&!!!!%!#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!"8!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!@!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!&`!!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"J!!!"
-%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!C!!!!43)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!'J!!!%B#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!"X!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!F!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!(3!!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"i!!!"
-+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!I!!!!5`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!)!!!!%`#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!#%!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!L!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!)`!!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#3!!!"
-3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!P!!!!83)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!*J!!!&)#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!#F!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!S!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!+3!!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#S!!!"
-@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!V!!!!9`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!,!!!!&J#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!#d!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!Z!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!,`!!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$!!!!"
-F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!a!!!!A3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!-J!!!&i#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!$-!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!d!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!03!!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$B!!!"
-L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!h!!!!B`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!1!!!!'3#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!$N!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!!k!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!1`!!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$`!!!"
-S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!p!!!!D3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!2J!!!'S#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!$m!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!"!!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!33!!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%)!!!"
-Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"$!!!!E`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!4!!!!(!#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!%8!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!"'!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!4`!!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%J!!!"
-d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"*!!!!G3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!5J!!!(B#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!%X!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!"-!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!63!!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%i!!!"
-k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"2!!!!H`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!8!!!!(`#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!&%!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!"5!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!8`!!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&3!!!#
-!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"9!!!!J3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!9J!!!))#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!&F!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!"B!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!@3!!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&S!!!#
-'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"E!!!!K`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!A!!!!)J#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!&d!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!"H!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!"`!!A`!!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'!!!!#
--!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"K!!!!M3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!BJ!!!)i#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!F!!'-!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!(!!"N!!!!N!!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!'8!!!#4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"Q!!!
-!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!C`!!!*-#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'J!!!#8!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!(!!"T!!!!P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!"`!!DJ!!!*B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!'X!!!#A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"X!!!
-!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!E3!!!*N#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'i!!!#D!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!(!!"[!!!!Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!"`!!F!!!!*`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!(%!!!#G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"b!!!
-!RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!F`!!!*m#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(3!!!#J!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!(!!"e!!!!S3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!"`!!GJ!!!+)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!(F!!!#M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"i!!!
-!T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!H3!!!+8#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(S!!!#Q!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!(!!"l!!!!T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!"`!!I!!!!+J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!(d!!!#T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"q!!!
-!UJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!I`!!!+X#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)!!!!#X!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!(!!#"!!!!V3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!"`!!JJ!!!+i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!)-!!!#[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#%!!!
-!X!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!K3!!!,%#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)B!!!#b!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!(!!#(!!!!X`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!"`!!L!!!!,3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!)N!!!#e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#+!!!
-!YJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!L`!!!,F#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)`!!!#i!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!(!!#0!!!!Z3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!"`!!MJ!!!,S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!F!!)m!!!#l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#3!!!
-!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*%!!!#p!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#5!!!![J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!N`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!*3!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#9!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!PJ!
-!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*F!!!$$!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#B!!!!a!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Q3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!*S!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#E!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R!!
-!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*d!!!$*!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#H!!!!bJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!+!!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#K!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!SJ!
-!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+-!!!$2!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#N!!!!d!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!T3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!+B!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#R!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U!!
-!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+N!!!$9!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#U!!!!eJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!+`!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#Y!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!VJ!
-!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+m!!!$E!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#`!!!!h!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!X3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!,)!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#c!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y!!
-!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,8!!!$K!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#f!!!!iJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!,J!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#j!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!ZJ!
-!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,X!!!$R!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#m!!!!k!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!![3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!,i!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!#r!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!`!!
-!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-%!!!$Y!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$#!!!!lJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!``!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!-3!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$&!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!aJ!
-!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-F!!!$c!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$)!!!!p!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!b3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!-S!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$,!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c!!
-!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-d!!!$j!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$1!!!!qJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!0!!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$4!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!dJ!
-!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0-!!!$r!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$8!!!"!!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!e3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!0B!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$A!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f!!
-!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0N!!!%&!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$D!!!""J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!0`!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$G!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!hJ!
-!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0m!!!%,!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$J!!!"$!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!i3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!1)!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$M!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j!!
-!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!18!!!%4!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$Q!!!"%J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!1J!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$T!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!kJ!
-!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!1X!!!%A!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$X!!!"'!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!l3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!1i!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$[!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m!!
-!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2%!!!%G!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$b!!!"(J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!23!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$e!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!pJ!
-!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2F!!!%M!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$i!!!"*!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!q3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!2S!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!$l!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r!!
-!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2d!!!%T!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$q!!!"+J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!3!!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%"!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"!J!
-!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3-!!!%[!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%%!!!"-!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!""3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!3B!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%(!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#!!
-!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3N!!!%e!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%+!!!"0J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!3`!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%0!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"$J!
-!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3m!!!%l!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%3!!!"2!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"%3!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!4)!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%6!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&!!
-!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!48!!!&"!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%@!!!"3J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!4J!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%C!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"'J!
-!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!4X!!!&(!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%F!!!"5!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"(3!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!4i!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%I!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!")!!
-!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5%!!!&0!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%L!!!"6J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!")`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!53!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%P!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"*J!
-!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5F!!!&6!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%S!!!"9!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"+3!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!5S!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%V!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!",!!
-!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5d!!!&C!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%Z!!!"@J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!",`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!6!!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%a!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"-J!
-!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6-!!!&I!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%d!!!"B!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"03!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!6B!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%h!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1!!
-!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6N!!!&P!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%k!!!"CJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!6`!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!%p!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"2J!
-!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6m!!!&V!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&!!!!"E!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"33!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!8)!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!&$!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4!!
-!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!88!!!&a!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&'!!!"FJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!8J!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!&*!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"5J!
-!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!8X!!!&h!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&-!!!"H!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"63!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!8i!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!&2!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8!!
-!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9%!!!&p!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&5!!!"IJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8`!!!B!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!93!!!'"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!&9!!!"JJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"9J!
-!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9F!!!'%!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&B!!!"K3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"@3!!!BB#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!9S!!!'(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!&E!!!"L!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A!!
-!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9d!!!'+!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&H!!!"L`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A`!!!B`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!F!!@!!!!'0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!(!!&K!!!"MJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"BJ!
-!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@-!!!'3!!)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"C!!!!C%#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@8!!!'5!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!(!!&Q!!!"N`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"`!"C`!!!C3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@J
-!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&T!!!"PJ)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"DJ!!!CF#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@X!!!'B!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!(!!&X!!!"Q3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"`!"E3!!!CS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@i
-!!!'E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&[!!!"R!)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"F!!!!Cd#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A%!!!'H!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!(!!&b!!!"R`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!"`!"F`!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A3
-!!!'Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&e!!!"T`)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)
-!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i
-!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S
-!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B
-!!!!R!!!!+!!!!#N!!!!U!!!!+`!!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)
-!!!!c!!!!0!!!!$8!!!!f!!!!0`!!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i
-!!!!r!!!!3!!!!%%!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S
-!!!",!!!!6!!!!%d!!!"1!!!!6`!!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B
-!!!"A!!!!@!!!!&N!!!"D!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')
-!!!"M!!!!C!!!!'8!!!"Q!!!!C`!!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i
-!!!"[!!!!F!!!!(%!!!"b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S
-!!!"l!!!!I!!!!(d!!!"q!!!!I`!!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B
-!!!#(!!!!L!!!!)N!!!#+!!!!L`!!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#
-5!!!!N`!!!*3!!!#9!!!!PJ!!!*F!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#
-H!!!!R`!!!+!!!!#K!!!!SJ!!!+-!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#
-U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#
-f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$
-#!!!!``!!!-3!!!$&!!!!aJ!!!-F!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$
-1!!!!c`!!!0!!!!$4!!!!dJ!!!0-!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$
-D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$
-Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$
-b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$
-q!!!!r`!!!3!!!!%"!!!"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%
-+!!!"#`!!!3`!!!%0!!!"$J!!!3m!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%
-@!!!"&`!!!4J!!!%C!!!"'J!!!4X!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%
-L!!!")`!!!53!!!%P!!!"*J!!!5F!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%
-Z!!!",`!!!6!!!!%a!!!"-J!!!6-!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%
-k!!!"1`!!!6`!!!%p!!!"2J!!!6m!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&
-'!!!"4`!!!8J!!!&*!!!"5J!!!8X!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&
-5!!!"8`!!!93!!!&9!!!"9J!!!9F!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&
-H!!!"A`!!!@!!!!&K!!!"BJ!!!@-!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&
-U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"G3!!!B!(!!!
-!"`!"G3F!!!%(!!!#"`!!!`F!!!3(!!!&"`!!"JF!!!F(!!!)"`!!#3F!!!S(!!!
-,"`!!$!F!!!d(!!!1"`!!$`F!!"!(!!!4"`!!%JF!!"-(!!!8"`!!&3F!!"B(!!!
-A"`!!'!F!!"N(!!!D"`!!'`F!!"`(!!!G"`!!(JF!!"m(!!!J"`!!)3F!!#)(!!!
-M"`!!*!F!!#8(!!!Q"`!!*`F!!#J(!!!T"`!!+JF!!#X(!!!X"`!!,3F!!#i(!!!
-["`!!-!F!!$%(!!!b"`!!-`F!!$3(!!!e"`!!0JF!!$F(!!!i"`!!13F!!$S(!!!
-l"`!!2!F!!$d(!!!q"`!!2`F!!%!(!!"""`!!3JF!!%-(!!"%"`!!43F!!%B(!!"
-("`!!5!F!!%N(!!"+"`!!5`F!!%`(!!"0"`!!6JF!!%m(!!"3"`!!83F!!&)(!!"
-6"`!!9!F!!&8(!!"@"`!!9`F!!&J(!!"C"`!!@JF!!&X(!!"F"`!!A3F!!&i(!!"
-I"`!!B!F!!'%(!!"L"`!"G!F!!'-(!!"N"`!!C3F!!'B(!!"R"`!!D!F!!'N(!!"
-U"`!!D`F!!'`(!!"Y"`!!EJF!!'m(!!"`"`!!F3F!!()(!!"c"`!!G!F!!(8(!!"
-f"`!!G`F!!(J(!!"j"`!!HJF!!(X(!!"m"`!!I3F!!(i(!!"r"`!!J!F!!)%(!!#
-#"`!!J`F!!)3(!!#&"`!!KJF!!)F(!!#)"`!!L3F!!)S(!!#,"`!!M!F!!)d(!!#
-1"`!!M`F!!*!!"`!!N3F!!*)(!!#6"`!!P!F!!*8(!!#@"`!!P`F!!*J(!!#C"`!
-!QJF!!*X(!!#F"`!!R3F!!*i(!!#I"`!!S!F!!+%(!!#L"`!!S`F!!+3(!!#P"`!
-!TJF!!+F(!!#S"`!!U3F!!+S(!!#V"`!!V!F!!+d(!!#Z"`!!V`F!!,!(!!#a"`!
-!XJF!!,-(!!#d"`!!Y3F!!,B(!!#h"`!!Z!F!!,N(!!#k"`!!Z`F!!,`(!!#p"`!
-![JF!!,m(!!$!"`!!`3F!!-)(!!$$"`!!a!F!!-8(!!$'"`!!a`F!!-J(!!$*"`!
-!bJF!!-X(!!$-"`!!c3F!!-i(!!$2"`!!d!F!!0%(!!$5"`!!d`F!!03(!!$9"`!
-!eJF!!0F(!!$B"`!!f3F!!0S(!!$E"`!!h!F!!0d(!!$H"`!!h`F!!1!(!!$K"`!
-!iJF!!1-(!!$N"`!!j3F!!1B(!!$R"`!!k!F!!1N(!!$U"`!!k`F!!1`(!!$Y"`!
-!lJF!!1m(!!$`"`!!m3F!!2)(!!$c"`!!p!F!!28(!!$f"`!!p`F!!2J(!!$j"`!
-!qJF!!2X(!!$m"`!!r3F!!2i(!!$r"`!"!!F!!3%(!!%#"`!"!`F!!33(!!%&"`!
-""JF!!3F(!!%)"`!"#3F!!3S(!!&e"`!"#`F!!3`(!!%0"`!"$JF!!3m(!!%3"`!
-"%3F!!4)(!!%6"`!"&!F!!48(!!%@"`!"&`F!!4J(!!%C"`!"'JF!!4X(!!%F"`!
-"(3F!!4i(!!%I"`!")!F!!5%(!!%L"`!")`F!!53(!!%P"`!"*JF!!5F(!!%S"`!
-"+3F!!5S(!!%V"`!",!F!!5d(!!%Z"`!",`F!!6!(!!%a"`!"-JF!!6-(!!%d"`!
-"03F!!6B(!!%h"`!"1!F!!6N(!!%k"`!"1`F!!6`(!!%p"`!"2JF!!6m(!!&!"`!
-"33F!!8)(!!&$"`!"4!F!!88(!!&'"`!"4`F!!8J(!!&*"`!"5JF!!8X(!!&-"`!
-"63F!!8i(!!&2"`!"8!F!!9%(!!&5"`!"8`F!!93(!!&9"`!"9JF!!9F(!!&B"`!
-"@3F!!9S(!!&E"`!"A!F!!9d(!!&H"`!"A`F!!@!(!!&K"`!"BJF!!@-(!!&N"`!
-"C3F!!@B(!!&R"`!"D!F!!@N(!!&U"`!"D`F!!@`(!!&Y"`!"EJF!!@m(!!&`"`!
-"F3F!!A)(!!&c!!!"U3!"!#J!!!!!!jH9J!!!!!!!!(rr!!!"!!!!HF!!!J!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!!!!!
-!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!3!
-!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!"!!%
-k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm
-!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9NC6S
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9656T
-XD@)k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!#!!%
-k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp
-!!!!'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-"!!!!rrrrrd!!!!F!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!6'PL3h*jF(4[)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%XJ6'P
-ZDf9b!!!!!!!!!!!!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"
-`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"
--4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!6d*
-+)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!f1%X
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P0
-53`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9
-bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9
-B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0
-cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
-B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
-!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
-B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
-B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9
-cFfpb!!!!!!!!!!!!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0
-bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4
-eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!!
-!!#jbFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!
-!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!!!"!3%!!!!
-!!!%"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!aY-D@*$FRP
-`G'mZ0MKV)%CK+$4TAcKN+5j-D@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!!!!!
-!!!!!!!!"!!!!!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0
-dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!
-"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!G2F'9Z8e0-!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cm
-r!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!
-R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!#!!!!3!!!#d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!)!!!!
-Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!$!!!!,`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!"!!!!$!#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!!8!!!!a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!'!!!!-J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!"`!!!$-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!J!!!!
-d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!*!!!!03)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!#J!!!$B#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!!X!!!!h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!-!!!!1!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!$3!!!$N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!i!!!!
-k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!2!!!!1`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!%!!!!$`#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!"%!!!!p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!5!!!!2J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!%`!!!$m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"3!!!"
-!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!9!!!!33)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!&J!!!%)#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!"F!!!"$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!B!!!!4!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!'3!!!%8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"S!!!"
-'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!E!!!!4`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!(!!!!%J#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!"d!!!"*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!H!!!!5J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!(`!!!%X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#!!!!"
--!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!K!!!!63)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!)J!!!%i#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!#-!!!"2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!N!!!!8!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!*3!!!&%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#B!!!"
-5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!R!!!!8`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!+!!!!&3#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!#N!!!"9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!U!!!!9J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!+`!!!&F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#`!!!"
-B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!Y!!!!@3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!,J!!!&S#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!#m!!!"E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!`!!!!A!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!-3!!!&d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$)!!!"
-H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!c!!!!A`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!0!!!!'!#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!$8!!!"K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!f!!!!BJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!0`!!!'-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$J!!!"
-N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!j!!!!C3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!1J!!!'B#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!$X!!!"R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!!m!!!!D!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!23!!!'N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$i!!!"
-U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!r!!!!D`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!3!!!!'`#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!%%!!!"Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!"#!!!!EJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!3`!!!'m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%3!!!"
-`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"&!!!!F3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!4J!!!()#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!%F!!!"c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!")!!!!G!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!53!!!(8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%S!!!"
-f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!",!!!!G`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!6!!!!(J#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!%d!!!"j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!"1!!!!HJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!6`!!!(X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&!!!!"
-m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"4!!!!I3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!8J!!!(i#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!&-!!!"r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!"8!!!!J!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!93!!!)%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&B!!!#
-#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"A!!!!J`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!@!!!!)3#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!&N!!!#&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!"D!!!!KJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!@`!!!)F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&`!!!#
-)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"G!!!!L3)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!AJ!!!)S#!3!!!!!!!3!"!3!!!!!
-!!!!!!!!!!!%!!!!!!!!!!!J!!&m!!!#,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
-"!!!!!!!!!!!)!!"J!!!!M!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
-!#!!!B3!!!)d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!')!!!#
-1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"M!!!!M`)"!!!!!!!
-"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!C!!!!*!!!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!"P!!!!N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!CJ!!!*)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!J!!'F!!!#6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"S!!!
-!P!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!D3!!!*8#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'S!!!#@!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!"V!!!!P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!E!!!!*J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!J!!'d!!!#C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"Z!!!
-!QJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!E`!!!*X#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(!!!!#F!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!"a!!!!R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!FJ!!!*i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!J!!(-!!!#I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"d!!!
-!S!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!G3!!!+%#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(B!!!#L!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!"h!!!!S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!H!!!!+3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!J!!(N!!!#P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"k!!!
-!TJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!H`!!!+F#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(`!!!#S!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!"p!!!!U3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!IJ!!!+S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!J!!(m!!!#V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#!!!!
-!V!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!J3!!!+d#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!))!!!#Z!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!#$!!!!V`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!K!!!!,!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!J!!)8!!!#a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#'!!!
-!XJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!K`!!!,-#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)J!!!#d!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!#*!!!!Y3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!LJ!!!,B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
-!!!J!!)X!!!#h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#-!!!
-!Z!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!M3!!!,N#!3!!!!!
-!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)i!!!#k!J%!!!!!!!%!!3%!!!!
-!!!!!!!!!!!!"!!!!!!!!!!!)!!#2!!!!Z`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
-!!3!!!!!!!!!!#!!!N!!!!!#m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#4!!!![3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!NJ!
-!!,i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*-!!!#r!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#8!!!!`!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!P3!!!-%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!*B!!!$#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#A!!!!``)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Q!!
-!!-3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*N!!!$&!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#D!!!!aJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Q`!!!-F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!*`!!!$)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#G!!!!b3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!RJ!
-!!-S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*m!!!$,!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#J!!!!c!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!S3!!!-d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!+)!!!$1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#M!!!!c`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!T!!
-!!0!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+8!!!$4!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#Q!!!!dJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!T`!!!0-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!+J!!!$8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#T!!!!e3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!UJ!
-!!0B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+X!!!$A!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#X!!!!f!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!V3!!!0N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!+i!!!$D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#[!!!!f`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!X!!
-!!0`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,%!!!$G!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#b!!!!hJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!X`!!!0m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!,3!!!$J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#e!!!!i3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!YJ!
-!!1)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,F!!!$M!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#i!!!!j!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Z3!!!18#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!,S!!!$Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!#l!!!!j`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!![!!
-!!1J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,d!!!$T!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#q!!!!kJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!![`!!!1X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!-!!!!$X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$"!!!!l3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!`J!
-!!1i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!--!!!$[!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$%!!!!m!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!a3!!!2%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!-B!!!$b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$(!!!!m`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!b!!
-!!23#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-N!!!$e!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$+!!!!pJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!b`!!!2F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!-`!!!$i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$0!!!!q3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!cJ!
-!!2S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-m!!!$l!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$3!!!!r!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!d3!!!2d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!0)!!!$q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$6!!!!r`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!e!!
-!!3!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!08!!!%"!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$@!!!"!J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!e`!!!3-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!0J!!!%%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$C!!!""3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!fJ!
-!!3B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0X!!!%(!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$F!!!"#!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!h3!!!3N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!0i!!!%+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$I!!!"#`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!i!!
-!!3`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1%!!!%0!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$L!!!"$J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!i`!!!3m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!13!!!%3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$P!!!"%3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!jJ!
-!!4)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1F!!!%6!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$S!!!"&!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!k3!!!48#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!1S!!!%@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$V!!!"&`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!l!!
-!!4J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1d!!!%C!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$Z!!!"'J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!l`!!!4X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!2!!!!%F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$a!!!"(3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!mJ!
-!!4i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2-!!!%I!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$d!!!")!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!p3!!!5%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!2B!!!%L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$h!!!")`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!q!!
-!!53#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2N!!!%P!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$k!!!"*J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!!q`!!!5F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!2`!!!%S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!$p!!!"+3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!rJ!
-!!5S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2m!!!%V!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%!!!!",!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"!3!!!5d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!3)!!!%Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%$!!!",`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!""!!
-!!6!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!38!!!%a!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%'!!!"-J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!""`!!!6-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!3J!!!%d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%*!!!"03)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"#J!
-!!6B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3X!!!%h!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%-!!!"1!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"$3!!!6N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!3i!!!%k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%2!!!"1`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"%!!
-!!6`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4%!!!%p!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%5!!!"2J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"%`!!!6m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!43!!!&!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%9!!!"33)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"&J!
-!!8)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4F!!!&$!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%B!!!"4!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"'3!!!88#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!4S!!!&'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%E!!!"4`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"(!!
-!!8J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4d!!!&*!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%H!!!"5J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"(`!!!8X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!5!!!!&-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%K!!!"63)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!")J!
-!!8i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5-!!!&2!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%N!!!"8!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"*3!!!9%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!5B!!!&5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%R!!!"8`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"+!!
-!!93#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5N!!!&9!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%U!!!"9J)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"+`!!!9F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!5`!!!&B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%Y!!!"@3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!",J!
-!!9S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5m!!!&E!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%`!!!"A!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"-3!!!9d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!6)!!!&H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%c!!!"A`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"0!!
-!!@!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!68!!!&K!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%f!!!"BJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"0`!!!@-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!6J!!!&N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%j!!!"C3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"1J!
-!!@B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6X!!!&R!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%m!!!"D!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"23!!!@N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!6i!!!&U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!%r!!!"D`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"3!!
-!!@`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8%!!!&Y!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&#!!!"EJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"3`!!!@m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!83!!!&`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!&&!!!"F3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"4J!
-!!A)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8F!!!&c!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&)!!!"G!)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"53!!!A8#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!8S!!!&f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!&,!!!"G`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"6!!
-!!AJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8d!!!&j!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&1!!!"HJ)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"6`!!!AX#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!9!!!!&m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!&4!!!"I3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"8J!
-!!Ai#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9-!!!'!!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&8!!!"J3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"93!!!B)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!9B!!!'$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!&A!!!"K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"@!!
-!!B8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9N!!!''!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&D!!!"K`)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"@`!!!BJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!9`!!!'*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!&G!!!"LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"AJ!
-!!BX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9m!!!'-!J%!!!!
-!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&J!!!"M3)"!!!!!!!"!!%"!!!
-!!!!!!!!!!!!!!3!!!!!!!!!!#!!"B3!!!Bi#!3!!!!!!!3!"!3!!!!!!!!!!!!!
-!!!%!!!!!!!!!!!J!!@)!!!'2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
-!!!!)!!&M!!!"N!!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@3
-!!!'4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&P!!!"NJ)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"CJ!!!C-#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@F!!!'8!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!)!!&S!!!"P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!#!!"D3!!!CB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@S
-!!!'A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&V!!!"Q!)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"E!!!!CN#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@d!!!'D!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!)!!&Z!!!"Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!#!!"E`!!!C`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!A!
-!!!'G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&a!!!"RJ)"!!!
-!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"FJ!!!Cm#!3!!!!!!!3!"!3!
-!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!A-!!!'N!J%!!!!!!!%!!3%!!!!!!!!!!!!
-!!!!"!!!!!!!!!!!)!!&d!!!"TJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
-!!!!!#!!"G3!!!DF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!%!!!!#!!!!!`!!!!3!!!!&!!!!"J!!!!F!!!!)!!!!#3!!!!S
-!!!!,!!!!$!!!!!d!!!!1!!!!$`!!!"!!!!!4!!!!%J!!!"-!!!!8!!!!&3!!!"B
-!!!!A!!!!'!!!!"N!!!!D!!!!'`!!!"`!!!!G!!!!(J!!!"m!!!!J!!!!)3!!!#)
-!!!!M!!!!*!!!!#8!!!!Q!!!!*`!!!#J!!!!T!!!!+J!!!#X!!!!X!!!!,3!!!#i
-!!!![!!!!-!!!!$%!!!!b!!!!-`!!!$3!!!!e!!!!0J!!!$F!!!!i!!!!13!!!$S
-!!!!l!!!!2!!!!$d!!!!q!!!!2`!!!%!!!!""!!!!3J!!!%-!!!"%!!!!43!!!%B
-!!!"(!!!!5!!!!%N!!!"+!!!!5`!!!%`!!!"0!!!!6J!!!%m!!!"3!!!!83!!!&)
-!!!"6!!!!9!!!!&8!!!"@!!!!9`!!!&J!!!"C!!!!@J!!!&X!!!"F!!!!A3!!!&i
-!!!"I!!!!B!!!!'%!!!"L!!!!B`!!!'3!!!"P!!!!CJ!!!'F!!!"S!!!!D3!!!'S
-!!!"V!!!!E!!!!'d!!!"Z!!!!E`!!!(!!!!"a!!!!FJ!!!(-!!!"d!!!!G3!!!(B
-!!!"h!!!!H!!!!(N!!!"k!!!!H`!!!(`!!!"p!!!!IJ!!!(m!!!#!!!!!J3!!!))
-!!!#$!!!!K!!!!)8!!!#'!!!!K`!!!)J!!!#*!!!!LJ!!!)X!!!#-!!!!M3!!!)i
-!!!#2!!!!N!!!!!#4!!!!NJ!!!*-!!!#8!!!!P3!!!*B!!!#A!!!!Q!!!!*N!!!#
-D!!!!Q`!!!*`!!!#G!!!!RJ!!!*m!!!#J!!!!S3!!!+)!!!#M!!!!T!!!!+8!!!#
-Q!!!!T`!!!+J!!!#T!!!!UJ!!!+X!!!#X!!!!V3!!!+i!!!#[!!!!X!!!!,%!!!#
-b!!!!X`!!!,3!!!#e!!!!YJ!!!,F!!!#i!!!!Z3!!!,S!!!#l!!!![!!!!,d!!!#
-q!!!![`!!!-!!!!$"!!!!`J!!!--!!!$%!!!!a3!!!-B!!!$(!!!!b!!!!-N!!!$
-+!!!!b`!!!-`!!!$0!!!!cJ!!!-m!!!$3!!!!d3!!!0)!!!$6!!!!e!!!!08!!!$
-@!!!!e`!!!0J!!!$C!!!!fJ!!!0X!!!$F!!!!h3!!!0i!!!$I!!!!i!!!!1%!!!$
-L!!!!i`!!!13!!!$P!!!!jJ!!!1F!!!$S!!!!k3!!!1S!!!$V!!!!l!!!!1d!!!$
-Z!!!!l`!!!2!!!!$a!!!!mJ!!!2-!!!$d!!!!p3!!!2B!!!$h!!!!q!!!!2N!!!$
-k!!!!q`!!!2`!!!$p!!!!rJ!!!2m!!!%!!!!"!3!!!3)!!!%$!!!""!!!!38!!!%
-'!!!""`!!!3J!!!%*!!!"#J!!!3X!!!%-!!!"$3!!!3i!!!%2!!!"%!!!!4%!!!%
-5!!!"%`!!!43!!!%9!!!"&J!!!4F!!!%B!!!"'3!!!4S!!!%E!!!"(!!!!4d!!!%
-H!!!"(`!!!5!!!!%K!!!")J!!!5-!!!%N!!!"*3!!!5B!!!%R!!!"+!!!!5N!!!%
-U!!!"+`!!!5`!!!%Y!!!",J!!!5m!!!%`!!!"-3!!!6)!!!%c!!!"0!!!!68!!!%
-f!!!"0`!!!6J!!!%j!!!"1J!!!6X!!!%m!!!"23!!!6i!!!%r!!!"3!!!!8%!!!&
-#!!!"3`!!!83!!!&&!!!"4J!!!8F!!!&)!!!"53!!!8S!!!&,!!!"6!!!!8d!!!&
-1!!!"6`!!!9!!!!&4!!!"8J!!!9-!!!&8!!!"93!!!9B!!!&A!!!"@!!!!9N!!!&
-D!!!"@`!!!9`!!!&G!!!"AJ!!!9m!!!&J!!!"B3!!!@)!!!&M!!!"C!!!!@8!!!&
-Q!!!"C`!!!@J!!!&T!!!"DJ!!!@X!!!&X!!!"E3!!!@i!!!&[!!!"F!!!!A%!!!&
-b!!!"F`!!!A3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!A8!!!'!#!!!!!J!!A8!!!(E!!%!(!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!J!!!%)!!!##!!!!`J!!!3)!!!&#!!!"JJ!!!F)!!!)#!!!#3J!!!S)!!!
-,#!!!$!J!!!d)!!!1#!!!$`J!!"!)!!!4#!!!%JJ!!"-)!!!8#!!!&3J!!"B)!!!
-A#!!!'!J!!"N)!!!D#!!!'`J!!"`)!!!G#!!!(JJ!!"m)!!!J#!!!)3J!!#))!!!
-M#!!!*!J!!#8)!!!Q#!!!*`J!!#J)!!!T#!!!+JJ!!#X)!!!X#!!!,3J!!#i)!!!
-[#!!!-!J!!$%)!!!b#!!!-`J!!$3)!!!e#!!!0JJ!!$F)!!!i#!!!13J!!$S)!!!
-l#!!!2!J!!$d)!!!q#!!!2`J!!%!)!!""#!!!3JJ!!%-)!!"%#!!!43J!!%B)!!"
-(#!!!5!J!!%N)!!"+#!!!5`J!!%`)!!"0#!!!6JJ!!%m)!!"3#!!!83J!!&))!!"
-6#!!!9!J!!&8)!!"@#!!!9`J!!&J)!!"C#!!!@JJ!!&X)!!"F#!!!A3J!!&i)!!"
-I#!!!B!J!!'%)!!"L#!!"G!J!!'-)!!"N#!!!C3J!!'B)!!"R#!!!D!J!!'N)!!"
-U#!!!D`J!!'`)!!"Y#!!!EJJ!!'m)!!"`#!!!F3J!!())!!"c#!!!G!J!!(8)!!"
-f#!!!G`J!!(J)!!"j#!!!HJJ!!(X)!!"m#!!!I3J!!(i)!!"r#!!!J!J!!)%)!!#
-##!!!J`J!!)3)!!#&#!!!KJJ!!)F)!!#)#!!!L3J!!)S)!!#,#!!!M!J!!)d)!!#
-1#!!!M`J!!*!!#!!!N3J!!*))!!#6#!!!P!J!!*8)!!#@#!!!P`J!!*J)!!#C#!!
-!QJJ!!*X)!!#F#!!!R3J!!*i)!!#I#!!!S!J!!+%)!!#L#!!!S`J!!+3)!!#P#!!
-!TJJ!!+F)!!#S#!!!U3J!!+S)!!#V#!!!V!J!!+d)!!#Z#!!!V`J!!,!)!!#a#!!
-!XJJ!!,-)!!#d#!!!Y3J!!,B)!!#h#!!!Z!J!!,N)!!#k#!!!Z`J!!,`)!!#p#!!
-![JJ!!,m)!!$!#!!!`3J!!-))!!$$#!!!a!J!!-8)!!$'#!!!a`J!!-J)!!$*#!!
-!bJJ!!-X)!!$-#!!!c3J!!-i)!!$2#!!!d!J!!0%)!!$5#!!!d`J!!03)!!$9#!!
-!eJJ!!0F)!!$B#!!!f3J!!0S)!!$E#!!!h!J!!0d)!!$H#!!!h`J!!1!)!!$K#!!
-!iJJ!!1-)!!$N#!!!j3J!!1B)!!$R#!!!k!J!!1N)!!$U#!!!k`J!!1`)!!$Y#!!
-!lJJ!!1m)!!$`#!!!m3J!!2))!!$c#!!!p!J!!28)!!$f#!!!p`J!!2J)!!$j#!!
-!qJJ!!2X)!!$m#!!!r3J!!2i)!!$r#!!"!!J!!3%)!!%##!!"!`J!!33)!!%&#!!
-""JJ!!3F)!!%)#!!"#3J!!3S)!!&e#!!"#`J!!3`)!!%0#!!"$JJ!!3m)!!%3#!!
-"%3J!!4))!!%6#!!"&!J!!48)!!%@#!!"&`J!!4J)!!%C#!!"'JJ!!4X)!!%F#!!
-"(3J!!4i)!!%I#!!")!J!!5%)!!%L#!!")`J!!53)!!%P#!!"*JJ!!5F)!!%S#!!
-"+3J!!5S)!!%V#!!",!J!!5d)!!%Z#!!",`J!!6!)!!%a#!!"-JJ!!6-)!!%d#!!
-"03J!!6B)!!%h#!!"1!J!!6N)!!%k#!!"1`J!!6`)!!%p#!!"2JJ!!6m)!!&!#!!
-"33J!!8))!!&$#!!"4!J!!88)!!&'#!!"4`J!!8J)!!&*#!!"5JJ!!8X)!!&-#!!
-"63J!!8i)!!&2#!!"8!J!!9%)!!&5#!!"8`J!!93)!!&9#!!"9JJ!!9F)!!&B#!!
-"@3J!!9S)!!&E#!!"A!J!!9d)!!&H#!!"A`J!!@!)!!&K#!!"BJJ!!@-)!!&N#!!
-"C3J!!@B)!!&R#!!"D!J!!@N)!!&U#!!"D`J!!@`)!!&Y#!!"EJJ!!@m)!!&`#!!
-"F3J!!A))!!&c!!!!#!!!!H%"!!!"!!!!!!!!!!!!"!!"!!!"kE6H0L[rrmA@!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"iJ)!!!%!!!!!!!!!!!!%!!%!!!(eY0i
-f,!!!IZ)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(M!`!!!3!!!!!!!!!!!!3
-!!3!!!IDdhMBX!!!f%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H3%!!!"!!!
-!!!!!!!!!"!!"!!!"r,6H0L`!!&C*!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-"j38!!!%!!!!!!!!!!!!%!!%!!!(pY0if,2rrp2N!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!(Q"J!!!3!!!!!!!!!!!!3!!3!!!G'dhMBX!!!Si3!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!HF(!!!"!!!!!!!!!!!!"!!"!!!"dV6H0L`!!!ca!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"k!J!!!%!!!!!!!!!!!!%!!%!!!(IY0i
-f,2rr[fi!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!H%!!!!"i`!!!!(
-L!!!!!H8!!!!"jJ!!!!(N!!!!!HF!!!!"k!!"!!!!!&*26e3!!!!!!!!!!!!!!!!
-'4e*98!!!!!!!!!!!$P*[H5Gc)%GPG%K89&"6!!!!"8C*6%8"!!'L4NP-43%!!D0
-'58a&!3!"U%C*6%8"!!'K4NP-43%!!D"(8P93!!!!!!!!!!!66h"PEP066#""F("
-XD@0KG'P[EJ!!!#0'58a&!J!!(%C*6%8#!!!U4NP-43)!!!e'58a&!J!!)%C*6%8
-#!!!54NP-43)!!"0'58a&!J!!&NC*6%8#!!!B4NP-43)!!"G'58a&!J!!$NC*6%8
-#!!!H4NP-43)!!"&'58a&!J!!%%C*6%8#!!!K4NP-43)!!"4'58a&!J!!&8C*6%8
-#!!!X4NP-43)!!"T'58a&!J!!'8C*6%8#!!!S4NP-43)!!#G'58a&!J!!*%C*6%8
-#!!!Y4NP-43)!!!Y'58a&!J!!*NC*6%8#!!!T4NP-43)!!!a'58a&!J!!+dC*6%8
-#!!!L4NP-43)!!!p'58a&!J!!'dC*6%8#!!!G4NP-43)!!"p'58a&!J!!*8C*6%8
-#!!!M4e*98!!!!!!!!!!!%8p`C@j68d`J6'PLFQ&bD@9c!!!!"%G599!!!!!!!!!
-!!!038%-!!!!#4NP-43)!!$0'58a&!J!!0%G599!!!!!!!!!!!!-f1'X!!!!#4NP
--438!!#"'58a&"3!!(dG599!!!!!!!!!!!!CMFRP`G'm!!!!S4NP-43%!!Aa'58a
-&!3!"INC*6%8"!!'N4NP-43%!!Cp'58a&!3!"I8C*6%8"!!&l4e*98!!!!!!!!!!
-!"'&cEM%!!!"A4NP-43%!!$j'58a&!3!!-8C*6%8"!!"&4NP-43%!!$P'58a&!3!
-!3dC*6%8"!!!m4NP-43%!!$p'58a&!3!!3%C*6%8"!!"%4NP-43%!!%&'58a&!3!
-!0dC*6%8"!!!e4NP-43%!!$Y'58a&!3!!-NC*6%8"!!!i4NP-43%!!%K'58a&!3!
-!4NC*6%8"!!"#4NP-43%!!$C'58a&!3!!4dC*6%8"!!')4NP-43%!!("'58a&!3!
-!I%C*6%8"!!"i4NP-43%!!(T'58a&!3!!H8C*6%8"!!"a4NP-43%!!(C'58a&!3!
-!FNC*6%8"!!"p4NP-43%!!B&'58a&!3!!FdC*6%8"!!"e4NP-43%!!(Y'58a&!3!
-!A8C*6%8"!!"04NP-43%!!&P'58a&!3!!6NC*6%8"!!"D4NP-43%!!%p'58a&!3!
-!@dC*6%8"!!"34NP-43%!!&a'58a&!3!!5dC*6%8"!!"A4NP-43%!!%a'58a&!3!
-!@%C*6%8"!!"Z4NP-43%!!'p'58a&!3!"LNC*6%8"!!"X4NP-43%!!'e'58a&!3!
-"L8C*6%8"!!',4NP-43%!!'9'58a&!3!!D8C*6%8"!!"S4NP-43%!!'G'58a&!3!
-!BdC*6%8"!!"N4NP-43%!!'&'58a&!3!!DNC*6%8"!!"L4NP-43%!!'C'58a&!3!
-!8dC*6%8"!!"84NP-43%!!&9'58a&!3!!9NC*6%8"!!"*4NP-43%!!%T'58a&!3!
-!ANC*6%8"!!"54NP-43%!!$T'58a&!3!!GdC*6%8"!!!c4NP-43%!!(4'58a&!3!
-!,dC*6%8"!!!Z4NP-43%!!#e'58a&!3!!28C*6%8"!!!d4NP-43%!!Ba'58a&!3!
-!88C*6%8"!!!`4NP-43%!!&p'58a&!3!!B%C*6%8"!!"V4e*98!!!!!!!!!!!!Q*
-Q!!!!"8C*6%8"!!##4NP-43%!!(p'58a&!3!!J%C*6%8"!!"q4NP-43%!!)&(8P9
-3!!!!!!!!!!!$BQP[!!!!$NC*6%8"!!#%4NP-43%!!Be'58a&!3!!JdC*6%8"!!'
-14NP-43%!!C&'58a&!3!"MdC*6%8"!!'3!%C*6%8"!!#&4NP-43%!!C*'58a&!3!
-"J%C*6%8"!!'(4NP-43%!!C9'58a&!3!"NdC*6%8"!!'84e*98!!!!!!!!!!!!Q*
-Z!!!!&%C*6%8"!!#'4NP-43%!!)P'58a&!3!!LdC*6%8"!!#14NP-43%!!DC'58a
-&!3!!N8C*6%8"!!#64NP-43%!!*4'58a&!3!!PNC*6%8"!!#B4NP-43%!!)K'58a
-&!3!!M8C*6%8"!!#54NP-43%!!)T'58a&!3!!PdC*6%8"!!#(4NP-43%!!*9'58a
-&!3!!MdC*6%8"!!#3!%C*6%8"!!#-4e*98!!!!!!!!!!!"Q*eCQCPFJ!!!!*'58a
-&!3!!Q8C*6%8"!!#D4e*98!!!!!!!!!!!"'0KFh3!!!!&4NP-43%!!*p'58a&!3!
-!R%C*6%8"!!#G4NP-43%!!*Y'58a&!3!!RNG599!!!!!!!!!!!!4MEfe`!!!!!dC
-*6%8"!!#J4NP-43%!!+&'58a&!3!!SNG599!!!!!!!!!!!!4MEfjQ!!!!!NC*6%8
-"!!#M4NP-43%!!+4(8P93!!!!!!!!!!!$C'9c!!!!'NC*6%8"!!#P4NP-43%!!+C
-'58a&!3!!U%C*6%8"!!#T4NP-43%!!+Y'58a&!3!!V%C*6%8"!!#Z4NP-43%!!CC
-'58a&!3!!VdC*6%8"!!#b4NP-43%!!,0'58a&!3!!Y%C*6%8"!!#e4NP-43%!!,C
-'58a&!3!!Z%C*6%8"!!#j4NP-43%!!,T'58a&!3!!UNC*6%8"!!#`4NP-43%!!,G
-'58a&!3!![8C*6%8"!!#l4NP-43%!!+G'58a&!3!!X8C*6%8"!!#m4NP-43%!!+e
-(8P93!!!!!!!!!!!#C'J!!!!&4NP-43%!!-"'58a&!3!!`8C*6%8"!!$#4NP-43%
-!!,j'58a&!3!![dG599!!!!!!!!!!!!0NFf%!!!!)4NP-43%!!-9'58a&!3!!aNC
-*6%8"!!$(4NP-43%!!-0'58a&!3!!b8C*6%8"!!$)4NP-43%!!-4'58a&!3!"JNG
-599!!!!!!!!!!!!0PFR)!!!!$4NP-43%!!-T'58a&!3!!bdC*6%8"!!$-4e*98!!
-!!!!!!!!!!f9fF!!!!$p'58a&!3!!ddC*6%8"!!$54NP-43%!!04'58a&!3!!eNC
-*6%8"!!$V4NP-43%!!0e'58a&!3!!j%C*6%8"!!$c4NP-43%!!1a'58a&!3!!hNC
-*6%8"!!$P4NP-43%!!24'58a&!3!!k%C*6%8"!!$D4NP-43%!!2G'58a&!3!"!NC
-*6%8"!!$K4NP-43%!!2"'58a&!3!!q%C*6%8"!!$Y4NP-43%!!0p'58a&!3!!jNC
-*6%8"!!$e4NP-43%!!1P'58a&!3!!fdC*6%8"!!$L4NP-43%!!2&'58a&!3!!kNC
-*6%8"!!$F4NP-43%!!10'58a&!3!!mNC*6%8"!!$Z4NP-43%!!1"'58a&!3!!jdC
-*6%8"!!$f4NP-43%!!2j'58a&!3!!qdC*6%8"!!$m4NP-43%!!3"'58a&!3!"!8C
-*6%8"!!$j4NP-43%!!2T'58a&!3!!r8C*6%8"!!$r4NP-43%!!3C'58a&!3!""dC
-*6%8"!!%)4NP-43%!!3P'58a&!3!""8C*6%8"!!%%4NP-43%!!30'58a&!3!!cdC
-*6%8"!!$04NP-43%!!-j'58a&!3!!e8C*6%8"!!$[4NP-43%!!0&'58a&!3!!edC
-*6%8"!!$34NP-43%!!0P'58a&!3!!f%C*6%8"!!'A4NP-43%!!CK(8P93!!!!!!!
-!!!!%D'eKB`!!!!&'58a&!3!"#NG599!!!!!!!!!!!!4TC'9K!!!!"8C*6%8"!!%
-,4NP-43%!!3a'58a&!3!"$NC*6%8"!!%04NP-43%!!3p(8P93!!!!!!!!!!!&E'K
-KFfJ!!!!#4NP-43%!!4"'58a&!3!"%8G599!!!!!!!!!!!!0YC$)!!!!#4NP-43%
-!!4*'58a&!3!"%dG599!!!!!!!!!!!!0YC$8!!!!#4NP-43%!!44'58a&!3!"&8G
-599!!!!!!!!!!!!4YC'-b!!!!!NC*6%8"!!%@4NP-43%!!4G(8P93!!!!!!!!!!!
-(Ef*UC@0dF`!!!!4'58a&!3!"'dC*6%8"!!%B4NP-43%!!4T'58a&!3!"'8G599!
-!!!!!!!!!!!0`C@d!!!!'4NP-43%!!5&'58a&!3!")%C*6%8"!!%H4NP-43%!!4p
-'58a&!3!"(%C*6%8"!!%G4e*98!!!!!!!!!!!"R"VBh-a-J!!!""'58a&!3!")NC
-*6%8"!!%M4NP-43%!!54'58a&!3!"*8C*6%8"!!%Q4NP-43%!!5G'58a&!3!"+%C
-*6%8"!!%T4NP-43%!!5T'58a&!3!"+dC*6%8"!!%X4NP-43%!!5e'58a&!3!",NC
-*6%8"!!%[4NP-43%!!CP'58a&!3!"-%G599!!!!!!!!!!!!9`Df0c0`!!!!C'58a
-&!3!"-NC*6%8"!!%c4NP-43%!!6&'58a&!3!"R%C*6%8"!!'D4NP-43%!!CY(8P9
-3!!!!!!!!!!!%FQ&ZC!!!!!4'58a&!3!"0%C*6%8"!!%e4NP-43%!!6C'58a&!3!
-"TdG599!!!!!!!!!!!!0bBc)!!!!&4NP-43%!!6T'58a&!3!"1dC*6%8"!!%j4NP
--43%!!6G'58a&!3!"1%G599!!!!!!!!!!!!0bBc3!!!!#4NP-43%!!6e'58a&!3!
-"2%G599!!!!!!!!!!!!0bBc8!!!!&4NP-43%!!8*'58a&!3!"3%C*6%8"!!&"4NP
--43%!!6j'58a&!3!"2dG599!!!!!!!!!!!!CbDA"PE@3!!!!#4NP-43%!!80'58a
-&!3!"4%G599!!!!!!!!!!!!0bFf%!!!!-4NP-43%!!89'58a&!3!"4dC*6%8"!!&
-)4NP-43%!!8e'58a&!3!"6%C*6%8"!!&'4NP-43%!!8Y'58a&!3!"6NC*6%8"!!&
-*4NP-43%!!8T'58a&!3!"R8C*6%8"!!'H4e*98!!!!!!!!!!!!h0SB3!!!!4'58a
-&!3!"88C*6%8"!!&24NP-43%!!9*'58a&!3!"8%G599!!!!!!!!!!!!9cG'&MD`!
-!!!&'58a&!3!"8dG599!!!!!!!!!!!!CdH(4IC')!!!!"4NP-43%!!94(8P93!!!
-!!!!!!!!%H$8`13!!!"9'58a&!3!"A%C*6%8"!!&E4NP-43%!!@&'58a&!3!"@NC
-*6%8"!!&J4NP-43%!!@*'58a&!3!"JdC*6%8"!!&Q4NP-43%!!@0'58a&!3!"@%C
-*6%8"!!&G4NP-43%!!9G'58a&!3!"C8C*6%8"!!&H4NP-43%!!9P'58a&!3!"AdC
-*6%8"!!&R4NP-43%!!@4'58a&!3!"K%C*6%8"!!&94NP-43%!!9C(8P93!!!!!!!
-!!!!'H$8`1ABc!!!!&8C*6%8"!!&V4NP-43%!!@a'58a&!3!"E8C*6%8"!!&a4NP
--43%!!A0'58a&!3!"G8C*6%8"!!&h4NP-43%!!AT'58a&!3!"D%C*6%8"!!&b4NP
--43%!!@T'58a&!3!"H%C*6%8"!!&T4NP-43%!!AC'58a&!3!"G%C*6%8"!!&`4NP
--43%!!AP'58a&!3!"ENC*6%8"!!&[4NP-43%!!B9'58a&!3!"KNG599!!!!!!!!!
-!!!0cFf`!!!!M4NP-43%!!"0'58a&!3!!&8C*6%8"!!!34NP-43%!!"*'58a&!3!
-!%8C*6%8"!!!84NP-43%!!"T'58a&!3!!(%C*6%8"!!!A4NP-43%!!"P'58a&!3!
-!'%C*6%8"!!!E4NP-43%!!"C'58a&!3!!$8C*6%8"!!!24NP-43%!!!Y'58a&!3!
-!$%C*6%8"!!!14NP-43%!!#Y'58a&!3!!,%C*6%8"!!!S4NP-43%!!#T'58a&!3!
-!+8C*6%8"!!!M4NP-43%!!#*'58a&!3!!(dC*6%8"!!!P4NP-43%!!#"'58a&!3!
-!*NC*6%8"!!!N4NP-43%!!"j'58a&!3!!*dC*6%8"!!!G4NP-43%!!!T'58a&!3!
-!)8G599!!!!!!!!!!!!j(990*)%aTBR*KFQPPF`!!!!0'58a&!J!!,dG599!!!!!
-!!!!!!!038%-!!!!$4NP-43)!!$"'58a&!J!!-8C*6%8#!!!b4e*98!!!!!!!!!!
-!!cBiD`!!!!0'58a&"3!!&%C*6%8&!!!94NP-438!!"C(8P93!!!!!!!!!!!138j
-655"-D@*bBA*TCA-!!!!#4e*98!!!!!!!!!!!!e"33`!!!!*'58a&!3!!!8C*6%8
-"!!&r4e*98!!!!!!!!!!!!cBiD`!!!!*'58a&!`!"S%C*6%8$!!'K4e*98!!!!!!
-!!!!!$8eKBb"-D@*bBA*TCA-!!!!#4e*98!!!!!!!!!!!!e"33`!!!!P'58a&!3!
-!"%C*6%8"!!!#4NP-43%!!!0'58a&!3!!#8C*6%8"!!!)4NP-43%!!!G'58a&!3!
-!"NC*6%8"!!!&4NP-43%!!D9(8P93!!!!!!!!!!!$0MKV!!!!"NC*6%8$!!'D4NP
--43-!!D*'58a&!`!"R%C*6%8$!!'G4NP-43-!!Cp'58a&!`!"Q`!!!"J!!!)!!!)
-!!!!!!J%!"3!!!!!#!J!-!!!!!!)$!!S!!!!!!J3!!J!!!!!#"3!&!!!!!!)'!!)
-!!!!!!JF!"J!!!!!##!!0!!!!!!)*!!8!!!!!!JS!"3!!!!!##`!"!!!!!!)-!!%
-!!!!!!Jd!"`!!!!!#$J!)!!!!!!)2!!8!!!!!!K!!!J!!!!!#%3!#!!!!!!)5!!J
-!!!!!!K-!!3!!!!!#&!!"!!!!!!)9!!J!!!!!!KB!#3!!!!!#&`!%!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!#"J%#!!!c"`%#!!!d!!!!!J3""3!!)!J""3!
-!(`!!!HJ!!!)!!!!6k3!!&!!!!!(S!&j1G!!-6PB!!#m+,`-NEJ!35Ui!!!$*!!!
-!i!!!&0i!!"J!!!!!b3!-,bi!##"U!-JJD!"i6T!!-"mf!!!!!K%!!!)5!!!#%`!
-!!K3!!!)9!!!"p3!!!HJ!!!(H!!!"d3!!!IX!!!(3!!!"p!!!!I`!!!)"!!!"U3!
-!!DS!!!'V!!!!,!!!!#d!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!d!!!!03!
-!!$B!!!!h!!!!1!!!!$N!!!!k!!!!1`!!!BF!!!!m!!!!23!!!$i!!!!r!!!!3!!
-!!%%!!!',!!!!3J!!!%-!!!"%!!!!43!!!%B!!!"(!!!"kJ!!!Am!!!"p!!!!IJ!
-!!(m!!!'5!!!"N3!!!)!!!!#"!!!!c!!!!B`!!!$0!!!!JJ!!!)-!!!$1!!!!c`!
-!!!N!!!(a!!!!K3!!!)B!!!#(!!!"T3!!!)J!!!#*!!!!LJ!!!)X!!!#-!!!!M3!
-!!)i!!!#2!!!!N!!!!!#4!!!!NJ!!!*-!!!#8!!!!P3!!!*B!!!#A!!!"N`!!!Bi
-!!!'2!!!"M3!!!C!!!!!!K!!!!*J!!!#C!!!#"!!!!93!!!&9!!!"P!!!!BB!!!)
-(!!!##!!!!D`!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!KB!!!'Y!!!!R`!!!+)!!!#
-M!!!"R`!!!AS!!!'Z!!!"V`!!!AX!!!)!!!!"RJ!!!0!!!!#D!!!!Q`!!!*`!!!#
-G!!!!S!!!!*i!!!#K!!!!5!!!!%N!!!"+!!!!5`!!!%`!!!"0!!!!6J!!!%m!!!)
-&!!!#"J!!!+N!!!'`!!!"X3!!!,d!!!#q!!!![`!!!-!!!!$"!!!!d3!!!E)!!!'
-c!!!!`J!!!--!!!$%!!!!a3!!!-B!!!'"!!!!a`!!!-J!!!#U!!!!U`!!!+`!!!'
-d!!!!dJ!!!+d!!!'9!!!!b3!!!D!!!!'e!!!!bJ!!!-X!!!"3!!!!d`!!!03!!!$
-9!!!!eJ!!!0F!!!$B!!!"I!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$
-J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$
-X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!#
-Z!!!!V`!!!J-!!!(D!!!"l3!!!&%!!!"5!!!!8`!!!H`!!!'f!!!"Y`!!!EJ!!!(
-L!!!"i!!!!D%!!!(E!!!"c3!!!F`!!!(F!!!"cJ!!!Gd!!!(2!!!"#3!!!&3!!!"
-9!!!!9J!!!&F!!!"B!!!!@3!!!&S!!!"E!!!!!3!!!3S!!!%,!!!"$!!!!3d!!!%
-1!!!"$`!!!4!!!!(f!!!"k3!!!HF!!!(Q!!!"i`!!!H8!!!(I!!!"rJ!!!Id!!!(
-5!!!"SJ!!!!)!!!(C!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"-`!!!Ad!!!'
-M!!!"p`!!!GJ!!!!!!!!"d`!!!!-!!!(A!!!"IJ!!!IJ!!!(V!!!"q3!!!Hi!!!$
-i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"Z3!!!&`!!!"
-G!!!"&`!!!4J!!!%C!!!!X!!!!,%!!!#b!!!"j!!!!H%!!!'k!!!"e!!!!!3!!!!
-&!!!"e3!!!GB!!!!'!!!!"`!!!4S!!!%K!!!")J!!!5-!!!%N!!!"*3!!!5B!!!%
-R!!!"+!!!!5N!!!%U!!!"+`!!!5`!!!'B!!!",3!!!5i!!!'@!!!"P`!!!&i!!!"
-I!!!!B!!!!'%!!!"L!!!!B`!!!'3!!!"P!!!!CJ!!!'F!!!"S!!!!D3!!!'S!!!#
-c!!!"qJ!!!I-!!!%E!!!"(!!!!4d!!!%H!!!"(`!!!5!!!!%[!!!"Q3!!!6!!!!%
-a!!!"QJ!!!CX!!!'l!!!"[!!!!6)!!!'p!!!"T!!!!JN!!!)+!!!##`!!!J`!!!)
-0!!!#$J!!!I!!!!)2!!!"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!,3!!!%
-d!!!"T`!!!DB!!!#e!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%
-p!!!"2J!!!6m!!!&!!!!"33!!!,B!!!#h!!!"[J!!!Hm!!!)3!!!"3J!!!8-!!!#
-i!!!"[`!!!C`!!!&%!!!"43!!!8B!!!&(!!!"5!!!!Cd!!!&*!!!"5J!!!8X!!!&
--!!!"63!!!!S!!!!,!!!!$!!!!!d!!!!1!!!!$`!!!"!!!!!4!!!!%J!!!"-!!!!
-8!!!!&3!!!"B!!!!A!!!!'!!!!"N!!!!D!!!!'`!!!F!!!!#j!!!"6J!!!8m!!!&
-3!!!"83!!!F%!!!(r!!!"`J!!!F-!!!!F!!!!(3!!!"i!!!!I!!!!)!!!!#%!!!!
-L!!!!)`!!!#3!!!!P!!!!*J!!!9)!!!#k!!!!Z`!!!F3!!!(&!!!"aJ!!!FF!!!(
-,!!!!*`!!!#J!!!!T!!!!+J!!!#X!!!)#!!!!#!!!!9-!!!'+!!!!D`!!!'`!!!"
-Y!!!"L!!!!'i!!!'*!!!"C`!!!@J!!!&T!!!"DJ!!!@X!!!&X!!!"E3!!!@i!!!&
-[!!!"F!!!!A%!!!&b!!!"K3!!!A-!!!&d!!!"G3!!!AB!!!'%!!!"G`!!!AJ!!!&
-j!!!"b!!!!FN!!!'S!!!"bJ!!!9B!!!&A!!!"JJ!!!9J!!!&C!!!"@J!!!9X!!!&
-F!!!"A3!!!9i!!!&I!!!"B!!!!@%!!!&L!!!"J`!!!@-!!!&N!!!"C3!!!,`!!!(
-b!!!!E`!!!@B!!!"`!!!!F3!!!()!!!"c!!!!G!!!!(8!!!"f!!!!G`!!!(J!!!"
-j!!!!HJ!!!(X!!!"m!!!"J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!"!!!!-P*26e3!!!!!!!!!!!!!!!!'4e*98!!!!!!!!!!"$P*[H5Gc)%G
-PG%K89&"6!!!!"8C*6%8"!!'L4NP-43%!!D0'58a&!3!"U%C*6%8"!!'K4NP-43%
-!!D"(8P93!!!!!!!!!!)66h"PEP066#""F("XD@0KG'P[EJ!!!#0'58a&!J!!(%C
-*6%8#!!!U4NP-43)!!!e'58a&!J!!)%C*6%8#!!!54NP-43)!!"0'58a&!J!!&NC
-*6%8#!!!B4NP-43)!!"G'58a&!J!!$NC*6%8#!!!H4NP-43)!!"&'58a&!J!!%%C
-*6%8#!!!K4NP-43)!!"4'58a&!J!!&8C*6%8#!!!X4NP-43)!!"T'58a&!J!!'8C
-*6%8#!!!S4NP-43)!!#G'58a&!J!!*%C*6%8#!!!Y4NP-43)!!!Y'58a&!J!!*NC
-*6%8#!!!T4NP-43)!!!a'58a&!J!!+dC*6%8#!!!L4NP-43)!!!p'58a&!J!!'dC
-*6%8#!!!G4NP-43)!!"p'58a&!J!!*8C*6%8#!!!M4e*98!!!!!!!!!!$%8p`C@j
-68d`J6'PLFQ&bD@9c!!!!"%G599!!!!!!!!!!"!038%-!!!!#4NP-43)!!$0'58a
-&!J!!0%G599!!!!!!!!!!"3-f1'X!!!!#4NP-438!!#"'58a&"3!!(dG599!!!!!
-!!!!!"JCMFRP`G'm!!!!S4NP-43%!!Aa'58a&!3!"INC*6%8"!!'N4NP-43%!!Cp
-'58a&!3!"I8C*6%8"!!&l4e*98!!!!!!!!!!("'&cEM%!!!"A4NP-43%!!$j'58a
-&!3!!-8C*6%8"!!"&4NP-43%!!$P'58a&!3!!3dC*6%8"!!!m4NP-43%!!$p'58a
-&!3!!3%C*6%8"!!"%4NP-43%!!%&'58a&!3!!0dC*6%8"!!!e4NP-43%!!$Y'58a
-&!3!!-NC*6%8"!!!i4NP-43%!!%K'58a&!3!!4NC*6%8"!!"#4NP-43%!!$C'58a
-&!3!!4dC*6%8"!!')4NP-43%!!("'58a&!3!!I%C*6%8"!!"i4NP-43%!!(T'58a
-&!3!!H8C*6%8"!!"a4NP-43%!!(C'58a&!3!!FNC*6%8"!!"p4NP-43%!!B&'58a
-&!3!!FdC*6%8"!!"e4NP-43%!!(Y'58a&!3!!A8C*6%8"!!"04NP-43%!!&P'58a
-&!3!!6NC*6%8"!!"D4NP-43%!!%p'58a&!3!!@dC*6%8"!!"34NP-43%!!&a'58a
-&!3!!5dC*6%8"!!"A4NP-43%!!%a'58a&!3!!@%C*6%8"!!"Z4NP-43%!!'p'58a
-&!3!"LNC*6%8"!!"X4NP-43%!!'e'58a&!3!"L8C*6%8"!!',4NP-43%!!'9'58a
-&!3!!D8C*6%8"!!"S4NP-43%!!'G'58a&!3!!BdC*6%8"!!"N4NP-43%!!'&'58a
-&!3!!DNC*6%8"!!"L4NP-43%!!'C'58a&!3!!8dC*6%8"!!"84NP-43%!!&9'58a
-&!3!!9NC*6%8"!!"*4NP-43%!!%T'58a&!3!!ANC*6%8"!!"54NP-43%!!$T'58a
-&!3!!GdC*6%8"!!!c4NP-43%!!(4'58a&!3!!,dC*6%8"!!!Z4NP-43%!!#e'58a
-&!3!!28C*6%8"!!!d4NP-43%!!Ba'58a&!3!!88C*6%8"!!!`4NP-43%!!&p'58a
-&!3!!B%C*6%8"!!"V4e*98!!!!!!!!!!)!Q*Q!!!!"8C*6%8"!!##4NP-43%!!(p
-'58a&!3!!J%C*6%8"!!"q4NP-43%!!)&(8P93!!!!!!!!!!N$BQP[!!!!$NC*6%8
-"!!#%4NP-43%!!Be'58a&!3!!JdC*6%8"!!'14NP-43%!!C&'58a&!3!"MdC*6%8
-"!!'3!%C*6%8"!!#&4NP-43%!!C*'58a&!3!"J%C*6%8"!!'(4NP-43%!!C9'58a
-&!3!"NdC*6%8"!!'84e*98!!!!!!!!!!+!Q*Z!!!!&%C*6%8"!!#'4NP-43%!!)P
-'58a&!3!!LdC*6%8"!!#14NP-43%!!DC'58a&!3!!N8C*6%8"!!#64NP-43%!!*4
-'58a&!3!!PNC*6%8"!!#B4NP-43%!!)K'58a&!3!!M8C*6%8"!!#54NP-43%!!)T
-'58a&!3!!PdC*6%8"!!#(4NP-43%!!*9'58a&!3!!MdC*6%8"!!#3!%C*6%8"!!#
--4e*98!!!!!!!!!!,"Q*eCQCPFJ!!!!*'58a&!3!!Q8C*6%8"!!#D4e*98!!!!!!
-!!!!-"'0KFh3!!!!&4NP-43%!!*p'58a&!3!!R%C*6%8"!!#G4NP-43%!!*Y'58a
-&!3!!RNG599!!!!!!!!!!$34MEfe`!!!!!dC*6%8"!!#J4NP-43%!!+&'58a&!3!
-!SNG599!!!!!!!!!!$J4MEfjQ!!!!!NC*6%8"!!#M4NP-43%!!+4(8P93!!!!!!!
-!!!m$C'9c!!!!'NC*6%8"!!#P4NP-43%!!+C'58a&!3!!U%C*6%8"!!#T4NP-43%
-!!+Y'58a&!3!!V%C*6%8"!!#Z4NP-43%!!CC'58a&!3!!VdC*6%8"!!#b4NP-43%
-!!,0'58a&!3!!Y%C*6%8"!!#e4NP-43%!!,C'58a&!3!!Z%C*6%8"!!#j4NP-43%
-!!,T'58a&!3!!UNC*6%8"!!#`4NP-43%!!,G'58a&!3!![8C*6%8"!!#l4NP-43%
-!!+G'58a&!3!!X8C*6%8"!!#m4NP-43%!!+e(8P93!!!!!!!!!"!#C'J!!!!&4NP
--43%!!-"'58a&!3!!`8C*6%8"!!$#4NP-43%!!,j'58a&!3!![dG599!!!!!!!!!
-!%30NFf%!!!!)4NP-43%!!-9'58a&!3!!aNC*6%8"!!$(4NP-43%!!-0'58a&!3!
-!b8C*6%8"!!$)4NP-43%!!-4'58a&!3!"JNG599!!!!!!!!!!%J0PFR)!!!!$4NP
--43%!!-T'58a&!3!!bdC*6%8"!!$-4e*98!!!!!!!!!!6!f9fF!!!!$p'58a&!3!
-!ddC*6%8"!!$54NP-43%!!04'58a&!3!!eNC*6%8"!!$V4NP-43%!!0e'58a&!3!
-!j%C*6%8"!!$c4NP-43%!!1a'58a&!3!!hNC*6%8"!!$P4NP-43%!!24'58a&!3!
-!k%C*6%8"!!$D4NP-43%!!2G'58a&!3!"!NC*6%8"!!$K4NP-43%!!2"'58a&!3!
-!q%C*6%8"!!$Y4NP-43%!!0p'58a&!3!!jNC*6%8"!!$e4NP-43%!!1P'58a&!3!
-!fdC*6%8"!!$L4NP-43%!!2&'58a&!3!!kNC*6%8"!!$F4NP-43%!!10'58a&!3!
-!mNC*6%8"!!$Z4NP-43%!!1"'58a&!3!!jdC*6%8"!!$f4NP-43%!!2j'58a&!3!
-!qdC*6%8"!!$m4NP-43%!!3"'58a&!3!"!8C*6%8"!!$j4NP-43%!!2T'58a&!3!
-!r8C*6%8"!!$r4NP-43%!!3C'58a&!3!""dC*6%8"!!%)4NP-43%!!3P'58a&!3!
-""8C*6%8"!!%%4NP-43%!!30'58a&!3!!cdC*6%8"!!$04NP-43%!!-j'58a&!3!
-!e8C*6%8"!!$[4NP-43%!!0&'58a&!3!!edC*6%8"!!$34NP-43%!!0P'58a&!3!
-!f%C*6%8"!!'A4NP-43%!!CK(8P93!!!!!!!!!"3%D'eKB`!!!!&'58a&!3!"#NG
-599!!!!!!!!!!&34TC'9K!!!!"8C*6%8"!!%,4NP-43%!!3a'58a&!3!"$NC*6%8
-"!!%04NP-43%!!3p(8P93!!!!!!!!!"B&E'KKFfJ!!!!#4NP-43%!!4"'58a&!3!
-"%8G599!!!!!!!!!!&`0YC$)!!!!#4NP-43%!!4*'58a&!3!"%dG599!!!!!!!!!
-!'!0YC$8!!!!#4NP-43%!!44'58a&!3!"&8G599!!!!!!!!!!'34YC'-b!!!!!NC
-*6%8"!!%@4NP-43%!!4G(8P93!!!!!!!!!"S(Ef*UC@0dF`!!!!4'58a&!3!"'dC
-*6%8"!!%B4NP-43%!!4T'58a&!3!"'8G599!!!!!!!!!!'`0`C@d!!!!'4NP-43%
-!!5&'58a&!3!")%C*6%8"!!%H4NP-43%!!4p'58a&!3!"(%C*6%8"!!%G4e*98!!
-!!!!!!!!F"R"VBh-a-J!!!""'58a&!3!")NC*6%8"!!%M4NP-43%!!54'58a&!3!
-"*8C*6%8"!!%Q4NP-43%!!5G'58a&!3!"+%C*6%8"!!%T4NP-43%!!5T'58a&!3!
-"+dC*6%8"!!%X4NP-43%!!5e'58a&!3!",NC*6%8"!!%[4NP-43%!!CP'58a&!3!
-"-%G599!!!!!!!!!!(39`Df0c0`!!!!C'58a&!3!"-NC*6%8"!!%c4NP-43%!!6&
-'58a&!3!"R%C*6%8"!!'D4NP-43%!!CY(8P93!!!!!!!!!"i%FQ&ZC!!!!!4'58a
-&!3!"0%C*6%8"!!%e4NP-43%!!6C'58a&!3!"TdG599!!!!!!!!!!(`0bBc)!!!!
-&4NP-43%!!6T'58a&!3!"1dC*6%8"!!%j4NP-43%!!6G'58a&!3!"1%G599!!!!!
-!!!!!)!0bBc3!!!!#4NP-43%!!6e'58a&!3!"2%G599!!!!!!!!!!)30bBc8!!!!
-&4NP-43%!!8*'58a&!3!"3%C*6%8"!!&"4NP-43%!!6j'58a&!3!"2dG599!!!!!
-!!!!!)JCbDA"PE@3!!!!#4NP-43%!!80'58a&!3!"4%G599!!!!!!!!!!)`0bFf%
-!!!!-4NP-43%!!89'58a&!3!"4dC*6%8"!!&)4NP-43%!!8e'58a&!3!"6%C*6%8
-"!!&'4NP-43%!!8Y'58a&!3!"6NC*6%8"!!&*4NP-43%!!8T'58a&!3!"R8C*6%8
-"!!'H4e*98!!!!!!!!!!N!h0SB3!!!!4'58a&!3!"88C*6%8"!!&24NP-43%!!9*
-'58a&!3!"8%G599!!!!!!!!!!*39cG'&MD`!!!!&'58a&!3!"8dG599!!!!!!!!!
-!*JCdH(4IC')!!!!"4NP-43%!!94(8P93!!!!!!!!!#F%H$8`13!!!"9'58a&!3!
-"A%C*6%8"!!&E4NP-43%!!@&'58a&!3!"@NC*6%8"!!&J4NP-43%!!@*'58a&!3!
-"JdC*6%8"!!&Q4NP-43%!!@0'58a&!3!"@%C*6%8"!!&G4NP-43%!!9G'58a&!3!
-"C8C*6%8"!!&H4NP-43%!!9P'58a&!3!"AdC*6%8"!!&R4NP-43%!!@4'58a&!3!
-"K%C*6%8"!!&94NP-43%!!9C(8P93!!!!!!!!!#J'H$8`1ABc!!!!&8C*6%8"!!&
-V4NP-43%!!@a'58a&!3!"E8C*6%8"!!&a4NP-43%!!A0'58a&!3!"G8C*6%8"!!&
-h4NP-43%!!AT'58a&!3!"D%C*6%8"!!&b4NP-43%!!@T'58a&!3!"H%C*6%8"!!&
-T4NP-43%!!AC'58a&!3!"G%C*6%8"!!&`4NP-43%!!AP'58a&!3!"ENC*6%8"!!&
-[4NP-43%!!B9'58a&!3!"KNG599!!!!!!!!!!+30cFf`!!!!M4NP-43%!!"0'58a
-&!3!!&8C*6%8"!!!34NP-43%!!"*'58a&!3!!%8C*6%8"!!!84NP-43%!!"T'58a
-&!3!!(%C*6%8"!!!A4NP-43%!!"P'58a&!3!!'%C*6%8"!!!E4NP-43%!!"C'58a
-&!3!!$8C*6%8"!!!24NP-43%!!!Y'58a&!3!!$%C*6%8"!!!14NP-43%!!#Y'58a
-&!3!!,%C*6%8"!!!S4NP-43%!!#T'58a&!3!!+8C*6%8"!!!M4NP-43%!!#*'58a
-&!3!!(dC*6%8"!!!P4NP-43%!!#"'58a&!3!!*NC*6%8"!!!N4NP-43%!!"j'58a
-&!3!!*dC*6%8"!!!G4NP-43%!!!T'58a&!3!!)8G599!!!!!!!!!!+Jj(990*)%a
-TBR*KFQPPF`!!!!0'58a&!J!!,dG599!!!!!!!!!!+`038%-!!!!$4NP-43)!!$"
-'58a&!J!!-8C*6%8#!!!b4e*98!!!!!!!!!!X!cBiD`!!!!0'58a&"3!!&%C*6%8
-&!!!94NP-438!!"C(8P93!!!!!!!!!#d138j655"-D@*bBA*TCA-!!!!#4e*98!!
-!!!!!!!!Z!e"33`!!!!*'58a&!3!!!8C*6%8"!!&r4e*98!!!!!!!!!![!cBiD`!
-!!!*'58a&!`!"S%C*6%8$!!'K4e*98!!!!!!!!!!`$8eKBb"-D@*bBA*TCA-!!!!
-#4e*98!!!!!!!!!!a!e"33`!!!!P'58a&!3!!"%C*6%8"!!!#4NP-43%!!!0'58a
-&!3!!#8C*6%8"!!!)4NP-43%!!!G'58a&!3!!"NC*6%8"!!!&4NP-43%!!D9(8P9
-3!!!!!!!!!$)$0MKV!!!!"NC*6%8$!!'D4NP-43-!!D*'58a&!`!"R%C*6%8$!!'
-G4NP-43-!!Cp'58a&!`!"Q`!!!4#V3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!"+!!!'!"YFh4b!!!!!!!!!!!!!!!!!!!C+!!!#S"YFh4X!!!!!!!
-!!!!!!!!!!!!MU!!!!i"YFh4Z!!!!!!!!!!!!!!!!!!!R+!!!'!"YFh4b!!!$k!!
-!!!!!!!!!!!!r+!!!'B"YFh4X!!!$k!!!!!!!!!!!!!0TDJ!!#)"YFh4Z!!!$k!!
-!!!!!!!!!!!"E+!!!"4"`FQ9Q!!P'eJ!!!!%!!!!!!!"J1!!!!!K`FQ9Q!!L`,3!
-!!!)!!!!!!!"J3!!!!"T`FQ9Q!!PX2!!!!!-!!!!!!!"J@J!!$+"`FQ9Q!!MrS3!
-!!!3!!!!!!!"XqJ!!"K4`FQ9Q!!L+i3!!!!8!!!!!!!"c$J!!#*C`FQ9Q!!P5m!!
-!!!B!!!!!!!"lT!!!!3G`FQ9Q!!Le63!!!!F!!!!!!!"mU`!!!b"`FQ9Q!!N!,`!
-!!!J!!!!!!!"rb`!!!"4`FQ9Q!!NR4!!!!!N!!!!!!!"rh`!!!!T`FQ9Q!!M`UJ!
-!!!S!!!!!!!"rk3!!!!a`FQ9Q!!L"hJ!!!!X!!!!!!!"rp3!!!!j`FQ9Q!!M0!!!
-!!!`!!!!!!!#!!`!!!3C`FQ9Q!!Kpf3!!!!d!!!!!!!#"#3!!!$j`FQ9Q!!N#K!!
-!!!i!!!!!!!#"4`!!!!j`FQ9Q!!PRC3!!!!m!!!!!!!#"93!!!GT`FQ9Q!!MG@`!
-!!"!!!!!!!!#$,`!!!'*`FQ9Q!!M*!3!!!"%!!!!!!!#$N3!!!"4`FQ9Q!!MP"`!
-!!")!!!!!!!#$T3!!!!T`FQ9Q!!LpV!!!!"-!!!!!!!#$V`!!!!a`FQ9Q!!PJK`!
-!!"3!!!!!!!#$Z`!!!-T`FQ9Q!!L(e!!!!"8!!!!!!!#%K3!!!4K`FQ9Q!!LAh3!
-!!"B!!!!!!!#&R3!!!+K`FQ9Q!!LpP!!!!"F!!!!!!!#'43!!!#j`FQ9Q!!PBJJ!
-!!"J!!!!!!!#'F`!!!Ja`FQ9Q!!N()3!!!"N!!!!!!!#)I`!!4J"YG("X!!!!!3!
-!!!!!!!!!!!$1I`!!"`"YG("c!!!!!3!!!!!!!!!!!!$9I`!!!""YG("T!!!!!3!
-!!!!!!!!!!!$9M`!!"U"YG'a[!!!!!3!!!!!!!!!!!!$F,`!!!#"YG(0X!!!!!3!
-!!!!!!!!!!!$F6`!!"4"`FQ9Q!!NN23!!!"S!!!!!!!$KA`!!!!K`FQ9Q!!M6`J!
-!!"X!!!!!!!$KC`!!!"T`FQ9Q!!KkI3!!!"`!!!!!!!$KJ3!!%0"`FQ9Q!!LKD`!
-!!"d!!!!!!!$b83!!"K4`FQ9Q!!PS2J!!!"i!!!!!!!$iC3!!#*C`FQ9Q!!M14`!
-!!"m!!!!!!!%!q`!!!3G`FQ9Q!!P,IJ!!!#!!!!!!!!%#!J!!!b"`FQ9Q!!Mle3!
-!!#%!!!!!!!%&)J!!!"4`FQ9Q!!NP93!!!#)!!!!!!!%&0J!!!!T`FQ9Q!!LIJJ!
-!!#-!!!!!!!%&3!!!!!a`FQ9Q!!L8Z!!!!#3!!!!!!!%&6!!!!!j`FQ9Q!!P54!!
-!!#8!!!!!!!%&@J!!!3C`FQ9Q!!P'2`!!!#B!!!!!!!%'B!!!!$j`FQ9Q!!N63!!
-!!#F!!!!!!!%'RJ!!!!j`FQ9Q!!MZ(3!!!#J!!!!!!!%'V!!!!GT`FQ9Q!!Lmf!!
-!!#N!!!!!!!%)KJ!!!'*`FQ9Q!!LrK!!!!#S!!!!!!!%)k!!!!"4`FQ9Q!!NchJ!
-!!#X!!!!!!!%)r!!!!!T`FQ9Q!!M,S!!!!#`!!!!!!!%*"J!!!!a`FQ9Q!!N%'3!
-!!#d!!!!!!!%*%J!!!-T`FQ9Q!!NJ2!!!!#i!!!!!!!%*h!!!!4K`FQ9Q!!PIl3!
-!!#m!!!!!!!%+p!!!!+K`FQ9Q!!Lq%J!!!$!!!!!!!!%,R!!!!#j`FQ9Q!!LM0`!
-!!$%!!!!!!!%,bJ!!!Ja`FQ9Q!!NG#`!!!$)!!!!!!!%0eJ!!#J"YG("X!!!!!J!
-!!!!!!!!!!!%AeJ!!!3"YG("c!!!!!J!!!!!!!!!!!!%BeJ!!!""YG("T!!!!!J!
-!!!!!!!!!!!%BjJ!!!0"YG'a[!!!!!J!!!!!!!!!!!!%CYJ!!!#"YG(0X!!!!!J!
-!!!!!!!!!!!%CeJ!!"4"`FQ9Q!!PDj!!!!$-!!!!!!!%HjJ!!!!K`FQ9Q!!NN$!!
-!!$3!!!!!!!%HlJ!!!"T`FQ9Q!!MT*`!!!$8!!!!!!!%I#!!!$+"`FQ9Q!!P`ZJ!
-!!$B!!!!!!!%VU!!!"K4`FQ9Q!!N$-3!!!$F!!!!!!!%a[!!!#5C`FQ9Q!!L9f`!
-!!$J!!!!!!!%kiJ!!!3G`FQ9Q!!LI%`!!!$N!!!!!!!%lk3!!!b"`FQ9Q!!Lj$!!
-!!$S!!!!!!!%r#3!!!"4`FQ9Q!!MhR`!!!$X!!!!!!!%r(3!!!!T`FQ9Q!!M-hJ!
-!!$`!!!!!!!%r*`!!!!a`FQ9Q!!N&m!!!!$d!!!!!!!%r-`!!!!j`FQ9Q!!P[``!
-!!$i!!!!!!!%r33!!!3C`FQ9Q!!MmQ!!!!$m!!!!!!!&!4`!!!$j`FQ9Q!!MK!J!
-!!%!!!!!!!!&!K3!!!!j`FQ9Q!!LfY`!!!%%!!!!!!!&!N`!!!GT`FQ9Q!!MPM!!
-!!%)!!!!!!!&#E3!!!'*`FQ9Q!!PS+!!!!%-!!!!!!!&#c`!!!"4`FQ9Q!!MH03!
-!!%3!!!!!!!&#i`!!!!T`FQ9Q!!PH+3!!!%8!!!!!!!&#l3!!!!a`FQ9Q!!L*a3!
-!!%B!!!!!!!&#q3!!!-T`FQ9Q!!L*,!!!!%F!!!!!!!&$``!!!4K`FQ9Q!!MZ"!!
-!!%J!!!!!!!&%f`!!!+K`FQ9Q!!L@Q`!!!%N!!!!!!!&&J`!!!#j`FQ9Q!!M8&3!
-!!%S!!!!!!!&&X3!!!Ja`FQ9Q!!Lj"J!!!%X!!!!!!!&([3!!4J"YG("X!!!!!`!
-!!!!!!!!!!!'0[3!!"`"YG("c!!!!!`!!!!!!!!!!!!'8[3!!!""YG("T!!!!!`!
-!!!!!!!!!!!'8c3!!!#"YG(0X!!!!!`!!!!!!!!!!!!'8l3!!"T4YG'a[!!!!!`!
-!!!!!!!!!!!'EJ3!!"4"`FQ9Q!!N*[!!!!%`!!!!!!!'JN3!!!!K`FQ9Q!!Kq93!
-!!%d!!!!!!!'JQ3!!!"T`FQ9Q!!M+H`!!!%i!!!!!!!'JX`!!%0"`FQ9Q!!N6p!!
-!!%m!!!!!!!'aJ`!!"K4`FQ9Q!!M$+3!!!&!!!!!!!!'hP`!!#5C`FQ9Q!!L!9`!
-!!&%!!!!!!!(![3!!!3G`FQ9Q!!N`BJ!!!&)!!!!!!!("a!!!!b"`FQ9Q!!M3)3!
-!!&-!!!!!!!(%j!!!!"4`FQ9Q!!L4H3!!!&3!!!!!!!(%q!!!!!T`FQ9Q!!NR0J!
-!!&8!!!!!!!(&!J!!!!a`FQ9Q!!L'$3!!!&B!!!!!!!(&$J!!!!j`FQ9Q!!MR53!
-!!&F!!!!!!!(&(!!!!3C`FQ9Q!!PEH!!!!&J!!!!!!!(')J!!!$j`FQ9Q!!MfA3!
-!!&N!!!!!!!('B!!!!!j`FQ9Q!!N&53!!!&S!!!!!!!('EJ!!!GT`FQ9Q!!LB-`!
-!!&X!!!!!!!()5!!!!'*`FQ9Q!!L6[3!!!&`!!!!!!!()UJ!!!"4`FQ9Q!!LeT`!
-!!&d!!!!!!!()[J!!!!T`FQ9Q!!N,D`!!!&i!!!!!!!()b!!!!!a`FQ9Q!!LcY`!
-!!&m!!!!!!!()e!!!!-T`FQ9Q!!LFj`!!!'!!!!!!!!(*RJ!!!4K`FQ9Q!!N!V3!
-!!'%!!!!!!!(+YJ!!!+K`FQ9Q!!N(2!!!!')!!!!!!!(,AJ!!!#j`FQ9Q!!LQY!!
-!!'-!!!!!!!(,M!!!!Ja`FQ9Q!!M053!!!'3!!!!!!!(0Q!!!#J"YG("X!!!!"!!
-!!!!!!!!!!!(AQ!!!!3"YG("c!!!!"!!!!!!!!!!!!!(BQ!!!!""YG("T!!!!"!!
-!!!!!!!!!!!(BU!!!!#"YG(0X!!!!"!!!!!!!!!!!!!(Bb!!!!)aYG'a[!!!!"!!
-!!!!!!!!!!!(C9!!!"4"`FQ9Q!!MM#`!!!'8!!!!!!!(HC!!!!!K`FQ9Q!!M"$!!
-!!'B!!!!!!!(HE!!!!"T`FQ9Q!!MYHJ!!!'F!!!!!!!(HKJ!!%0"`FQ9Q!!MKm`!
-!!'J!!!!!!!([9J!!"K4`FQ9Q!!Nre3!!!'N!!!!!!!(eDJ!!#5C`FQ9Q!!LZ3J!
-!!'S!!!!!!!(qN!!!!!%(F(*PCJ!)KRi!!!"V!!!!!!!"rjF!!!-JF(*PCJ!)PD8
-!!!"X!!!!!!!#!VF!!!!8F(*PCJ!*0m)!!!"Y!!!!!!!#!XX!!!!+F(*PCJ!*AZd
-!!!"Z!!!!!!!#!Y8!!!!-F(*PCJ!)Vii!!!"[!!!!!!!#!Z%!!!!1F(*PCJ!*,[d
-!!!"`!!!!!!!#!Zm!!!%'F(*PCJ!*'EB!!!"a!!!!!!!#!r8!!!!qF(*PCJ!*0P8
-!!!"b!!!!!!!#"$-!!!!1F(*PCJ!*-D%!!!"c!!!!!!!#"%%!!!(DF(*PCJ!*0"i
-!!!"d!!!!!!!#"KX!!!"LF(*PCJ!)GH!!!!"e!!!!!!!#"Rd!!!!8F(*PCJ!)Q)S
-!!!"f!!!!!!!#"T%!!!!+F(*PCJ!*!Pd!!!"h!!!!!!!#"TX!!!!-F(*PCJ!)PR-
-!!!"i!!!!!!!#"UF!!!$+F(*PCJ!)TC!!!!!!H3!!!!!!!JGa!!!"'("bC@B!#-A
-9!!!!HJ!!!!!!!JL*!!!!U("bC@B!#86U!!!!H`!!!!!!!JNa!!!!,R"bC@B!#@@
-8!!!!I!!!!!!!!JPI!!!#$("bC@B!#(ep!!!!I3!!!!!!!JYV!!!&!'edF'`!!!!
-&!!!!!!!!!!!!!K"V!!!!J'edF(-!!!!&!!!!!!!!!!!!!K$V!!!!%'edF'N!!!!
-&!!!!!!!!!!!!!K$l!!!!)'edFf`!!!!&!!!!!!!!!!!!!K%E!!!!J'edE'm!!!!
-&!!!!!!!!!!!!!K'E!!!&%("bC@B!#8UQ!!!!IJ!!!!!!!KDV!!!!#("bC@B!#22
-(!!!!I`!!!!!!!KDc!!!!'R"bC@B!#3#p!!!!J!!!!!!!!KE0!!!3d("bC@B!#2`
-[!!!!J3!!!!!!!LHG!!!'&("bC@B!#1[4!!!!JJ!!!!!!!Lfa!!!)PR"bC@B!#(,
-9!!!!J`!!!!!!!MC(!!!""h"bC@B!#@rk!!!!K!!!!!!!!MG1!!!$)("bC@B!#1G
-'!!!!K3!!!!!!!MTZ!!!!&("bC@B!#128!!!!KJ!!!!!!!MU#!!!!#R"bC@B!#,1
-q!!!!K`!!!!!!!MU-!!!!$("bC@B!#)c'!!!!L!!!!!!!!MUB!!!!$R"bC@B!#4S
-,!!!!L3!!!!!!!MUQ!!!""R"bC@B!#-iX!!!!LJ!!!!!!!MZX!!!!2R"bC@B!#(C
-#!!!!L`!!!!!!!M[U!!!!$R"bC@B!#@+F!!!!M!!!!!!!!M[i!!!"fR"bC@B!#8(
-h!!!!M3!!!!!!!Mh5!!!!BR"bC@B!#2!L!!!!MJ!!!!!!!Mid!!!!&("bC@B!#(d
-@!!!!M`!!!!!!!Mj)!!!!#R"bC@B!#2iC!!!!N!!!!!!!!!)q8J!!!!a`FQ9Q!!M
-YZ!!!!*%!!!!!!!)qAJ!!!-T`FQ9Q!!Pb83!!!*)!!!!!!!)r+!!!!4K`FQ9Q!!L
-a"3!!!*-!!!!!!!*!3!!!!+K`FQ9Q!!NZf`!!!*3!!!!!!!*!k!!!!#j`FQ9Q!!K
-j[`!!!*8!!!!!!!*"&J!!!Ja`FQ9Q!!Mi,3!!!*B!!!!!!!*$)J!!#J"YG("X!!!
-!"J!!!!!!!!!!!!*0)J!!!3"YG("c!!!!"J!!!!!!!!!!!!*1)J!!!""YG("T!!!
-!"J!!!!!!!!!!!!*1-J!!!)aYG'a[!!!!"J!!!!!!!!!!!!*1[J!!!#"YG(0X!!!
-!"J!!!!!!!!!!!!*1hJ!!"4"`FQ9Q!!Kf)J!!!*F!!!!!!!*6lJ!!!!K`FQ9Q!!N
-bh`!!!*J!!!!!!!*6pJ!!!"T`FQ9Q!!MZB3!!!*N!!!!!!!*8%!!!%0"`FQ9Q!!M
-[m`!!!*S!!!!!!!*Ni!!!"K4`FQ9Q!!NVZ`!!!*X!!!!!!!*Up!!!#*C`FQ9Q!!M
-b!J!!!*`!!!!!!!*cLJ!!!3G`FQ9Q!!P083!!!*d!!!!!!!*dN3!!!b"`FQ9Q!!M
-a13!!!*i!!!!!!!*hX3!!!"4`FQ9Q!!P9h3!!!*m!!!!!!!*ha3!!!!T`FQ9Q!!M
-+,3!!!+!!!!!!!!*hc`!!!!a`FQ9Q!!L6T`!!!+%!!!!!!!*hf`!!!!j`FQ9Q!!M
-jB3!!!+)!!!!!!!*hk3!!!3C`FQ9Q!!L0Z`!!!+-!!!!!!!*il`!!!$j`FQ9Q!!M
-P3J!!!+3!!!!!!!*j,3!!!!j`FQ9Q!!N6hJ!!!+8!!!!!!!*j1`!!!GT`FQ9Q!!N
-kJ`!!!+B!!!!!!!*l&3!!!'*`FQ9Q!!N&H!!!!+F!!!!!!!*lG`!!!"4`FQ9Q!!L
-,iJ!!!+J!!!!!!!*lL`!!!!T`FQ9Q!!MDI3!!!+N!!!!!!!*lP3!!!!a`FQ9Q!!K
-l33!!!+S!!!!!!!*lS3!!!-T`FQ9Q!!MlG3!!!+X!!!!!!!*mD`!!!4K`FQ9Q!!L
-e&!!!!+`!!!!!!!*pJ`!!!+K`FQ9Q!!MK1`!!!+d!!!!!!!*q+`!!!#j`FQ9Q!!L
-Y#!!!!+i!!!!!!!*q@3!!!Ja`FQ9Q!!L42`!!!+m!!!!!!!+!C3!!2!"YG("X!!!
-!"`!!!!!!!!!!!!+mC3!!"J"YG("c!!!!"`!!!!!!!!!!!!,#C3!!!""YG("T!!!
-!"`!!!!!!!!!!!!,#G3!!"G4YG'a[!!!!"`!!!!!!!!!!!!,)53!!!#"YG(0X!!!
-!"`!!!!!!!!!!!!,)D3!!"4"`FQ9Q!!NXL3!!!,!!!!!!!!,0H3!!!!K`FQ9Q!!P
-%U3!!!,%!!!!!!!,0J3!!!"T`FQ9Q!!LT(!!!!,)!!!!!!!,0Q`!!%0"`FQ9Q!!N
-(M3!!!,-!!!!!!!,HD`!!"K4`FQ9Q!!PH[`!!!,3!!!!!!!,NI`!!#5C`FQ9Q!!M
-Hh!!!!,8!!!!!!!,YT3!!!3G`FQ9Q!!M`h!!!!,B!!!!!!!,ZV!!!!b"`FQ9Q!!L
-N03!!!,F!!!!!!!,ac!!!!"4`FQ9Q!!Mb6J!!!,J!!!!!!!,ai!!!!!T`FQ9Q!!N
-a@!!!!,N!!!!!!!,akJ!!!!a`FQ9Q!!LH1J!!!,S!!!!!!!,apJ!!!!j`FQ9Q!!N
-"f3!!!,X!!!!!!!,b"!!!!3C`FQ9Q!!P`p!!!!,`!!!!!!!,c#J!!!$j`FQ9Q!!P
-Qf!!!!,d!!!!!!!,c5!!!!!j`FQ9Q!!PYDJ!!!,i!!!!!!!,c9J!!!GT`FQ9Q!!N
-#-!!!!,m!!!!!!!,e-!!!!'*`FQ9Q!!ME@!!!!-!!!!!!!!,eNJ!!!"4`FQ9Q!!L
-j4`!!!-%!!!!!!!,eTJ!!!!T`FQ9Q!!Mf$3!!!-)!!!!!!!,eX!!!!!a`FQ9Q!!M
-eDJ!!!--!!!!!!!,e[!!!!-T`FQ9Q!!MfF3!!!-3!!!!!!!,fKJ!!!4K`FQ9Q!!N
-`R`!!!-8!!!!!!!,hRJ!!!+K`FQ9Q!!LqH3!!!-B!!!!!!!,i4J!!!#j`FQ9Q!!L
-3!*S!!!$(!!!!!!!#q(3!!!)-F(*PCJ!)d'B!!!$)!!!!!!!#qS!!!$`!EA4`E!!
-!!!J!!!!!!!!!!!!$0S!!!!B!EA4`F`!!!!J!!!!!!!!!!!!$2)!!!!!3EA4`D3!
-!!!J!!!!!!!!!!!!$2*!!!!!!)'edFf`!!!!)!!!!!!!!!!!!!cb`!!!&e'edE'm
-!!!!)!!!!!!!!!!!!!d+%!!!3a'edCf`!!!2S!!!!!!!!!!!!!e0)!!!!,'e[G'N
-!!!!!!!!!!!!!!!!!!h(U!!!6J&"-Fh3!#,"V!!!!b3!!!!!!!&LS!!!#,'e`FfN
-!!!2S!!!!!!!!!!!!!fMk!!!!%'ecG(!!!!!#!!!!!!!!!!!!!fN+!!!!%'ecG(!
-!!!!&!!!!!!!!!!!!!&V8!!!!+'ecG'N!!!2S!!!!!!!!!!!!!fP#!!!!+'ecG'N
-!!!!!!!!!!!!!!!!!!&Vm!!!!$'eKE'`!!!!!!!!!!!!!!!!!!fE1!!!!a'eKF'`
-!!!!!!!!!!!!!!!$B03!!:
diff --git a/src/lib/libssl/src/MacOS/Randomizer.cpp b/src/lib/libssl/src/MacOS/Randomizer.cpp
deleted file mode 100644
index cceb6bde44..0000000000
--- a/src/lib/libssl/src/MacOS/Randomizer.cpp
+++ /dev/null
@@ -1,476 +0,0 @@
-/* 
-------- Strong random data generation on a Macintosh (pre - OS X) ------
-                
---      GENERAL: We aim to generate unpredictable bits without explicit
-        user interaction. A general review of the problem may be found
-        in RFC 1750, "Randomness Recommendations for Security", and some
-        more discussion, of general and Mac-specific issues has appeared
-        in "Using and Creating Cryptographic- Quality Random Numbers" by
-        Jon Callas (www.merrymeet.com/jon/usingrandom.html).
-
-        The data and entropy estimates provided below are based on my
-        limited experimentation and estimates, rather than by any
-        rigorous study, and the entropy estimates tend to be optimistic.
-        They should not be considered absolute.
-
-        Some of the information being collected may be correlated in
-        subtle ways. That includes mouse positions, timings, and disk
-        size measurements. Some obvious correlations will be eliminated
-        by the programmer, but other, weaker ones may remain. The
-        reliability of the code depends on such correlations being
-        poorly understood, both by us and by potential interceptors.
-
-        This package has been planned to be used with OpenSSL, v. 0.9.5.
-        It requires the OpenSSL function RAND_add. 
-
---      OTHER WORK: Some source code and other details have been
-        published elsewhere, but I haven't found any to be satisfactory
-        for the Mac per se:
-
-        * The Linux random number generator (by Theodore Ts'o, in
-          drivers/char/random.c), is a carefully designed open-source
-          crypto random number package. It collects data from a variety
-          of sources, including mouse, keyboard and other interrupts.
-          One nice feature is that it explicitly estimates the entropy
-          of the data it collects. Some of its features (e.g. interrupt
-          timing) cannot be reliably exported to the Mac without using
-          undocumented APIs.
-
-        * Truerand by Don P. Mitchell and Matt Blaze uses variations
-          between different timing mechanisms on the same system. This
-          has not been tested on the Mac, but requires preemptive
-          multitasking, and is hardware-dependent, and can't be relied
-          on to work well if only one oscillator is present.
-
-        * Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
-          gathers a lot of information about the machine and system
-          environment. Unfortunately, much of it is constant from one
-          startup to the next. In other words, the random seed could be
-          the same from one day to the next. Some of the APIs are
-          hardware-dependent, and not all are compatible with Carbon (OS
-          X). Incidentally, the EGD library is based on the UNIX entropy
-          gathering methods in cryptlib, and isn't suitable for MacOS
-          either.
-
-        * Mozilla (and perhaps earlier versions of Netscape) uses the
-          time of day (in seconds) and an uninitialized local variable
-          to seed the random number generator. The time of day is known
-          to an outside interceptor (to within the accuracy of the
-          system clock). The uninitialized variable could easily be
-          identical between subsequent launches of an application, if it
-          is reached through the same path.
-
-        * OpenSSL provides the function RAND_screen(), by G. van
-          Oosten, which hashes the contents of the screen to generate a
-          seed. This is not useful for an extension or for an
-          application which launches at startup time, since the screen
-          is likely to look identical from one launch to the next. This
-          method is also rather slow.
-
-        * Using variations in disk drive seek times has been proposed
-          (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
-          Jakobsson, Shriver, Hillyer and Juels,
-          www.bell-labs.com/user/shriver/random.html). These variations
-          appear to be due to air turbulence inside the disk drive
-          mechanism, and are very strongly unpredictable. Unfortunately
-          this technique is slow, and some implementations of it may be
-          patented (see Shriver's page above.) It of course cannot be
-          used with a RAM disk.
-
---      TIMING: On the 601 PowerPC the time base register is guaranteed
-        to change at least once every 10 addi instructions, i.e. 10
-        cycles. On a 60 MHz machine (slowest PowerPC) this translates to
-        a resolution of 1/6 usec. Newer machines seem to be using a 10
-        cycle resolution as well.
-        
-        For 68K Macs, the Microseconds() call may be used. See Develop
-        issue 29 on the Apple developer site
-        (developer.apple.com/dev/techsupport/develop/issue29/minow.html)
-        for information on its accuracy and resolution. The code below
-        has been tested only on PowerPC based machines.
-
-        The time from machine startup to the launch of an application in
-        the startup folder has a variance of about 1.6 msec on a new G4
-        machine with a defragmented and optimized disk, most extensions
-        off and no icons on the desktop. This can be reasonably taken as
-        a lower bound on the variance. Most of this variation is likely
-        due to disk seek time variability. The distribution of startup
-        times is probably not entirely even or uncorrelated. This needs
-        to be investigated, but I am guessing that it not a majpor
-        problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
-        machine, ~16 bits for a 450 MHz machine.
-
-        User-launched application startup times will have a variance of
-        a second or more relative to machine startup time. Entropy >~22
-        bits.
-
-        Machine startup time is available with a 1-second resolution. It
-        is predictable to no better a minute or two, in the case of
-        people who show up punctually to work at the same time and
-        immediately start their computer. Using the scheduled startup
-        feature (when available) will cause the machine to start up at
-        the same time every day, making the value predictable. Entropy
-        >~7 bits, or 0 bits with scheduled startup.
-
-        The time of day is of course known to an outsider and thus has 0
-        entropy if the system clock is regularly calibrated.
-
---      KEY TIMING: A  very fast typist (120 wpm) will have a typical
-        inter-key timing interval of 100 msec. We can assume a variance
-        of no less than 2 msec -- maybe. Do good typists have a constant
-        rhythm, like drummers? Since what we measure is not the
-        key-generated interrupt but the time at which the key event was
-        taken off the event queue, our resolution is roughly the time
-        between process switches, at best 1 tick (17 msec). I  therefore
-        consider this technique questionable and not very useful for
-        obtaining high entropy data on the Mac.
-
---      MOUSE POSITION AND TIMING: The high bits of the mouse position
-        are far from arbitrary, since the mouse tends to stay in a few
-        limited areas of the screen. I am guessing that the position of
-        the mouse is arbitrary within a 6 pixel square. Since the mouse
-        stays still for long periods of time, it should be sampled only
-        after it was moved, to avoid correlated data. This gives an
-        entropy of log2(6*6) ~= 5 bits per measurement.
-
-        The time during which the mouse stays still can vary from zero
-        to, say, 5 seconds (occasionally longer). If the still time is
-        measured by sampling the mouse during null events, and null
-        events are received once per tick, its resolution is 1/60th of a
-        second, giving an entropy of log2 (60*5) ~= 8 bits per
-        measurement. Since the distribution of still times is uneven,
-        this estimate is on the high side.
-
-        For simplicity and compatibility across system versions, the
-        mouse is to be sampled explicitly (e.g. in the event loop),
-        rather than in a time manager task.
-
---      STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
-        from one startup to the next, with 'minimal' computer use. Won't
-        vary at all if machine is started again immediately after
-        startup (unless virtual memory is on), but any application which
-        uses the web and caches information to disk is likely to cause
-        this much variation or more. The variation is probably not
-        random, but I don't know in what way. File sizes tend to be
-        divisible by 4 bytes since file format fields are often
-        long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
-        
---      STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
-        gets fragmented this could be anywhere in principle. In a
-        perfectly unfragmented volume this will be strongly correlated
-        with the total file size on the disk. With more fragmentation
-        comes less certainty. I took the variation in this value to be
-        1/8 of the total file size on the volume.
-
---      SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
-        (for Gestalt and Microseconds calls). All the calls used are
-        Carbon-compatible.
-*/
-
-/*------------------------------ Includes ----------------------------*/
-
-#include "Randomizer.h"
-
-// Mac OS API
-#include <Files.h>
-#include <Folders.h>
-#include <Events.h>
-#include <Processes.h>
-#include <Gestalt.h>
-#include <Resources.h>
-#include <LowMem.h>
-
-// Standard C library
-#include <stdlib.h>
-#include <math.h>
-
-/*---------------------- Function declarations -----------------------*/
-
-// declared in OpenSSL/crypto/rand/rand.h
-extern "C" void RAND_add (const void *buf, int num, double entropy);
-
-unsigned long GetPPCTimer (bool is601); // Make it global if needed
-                                        // elsewhere
-
-/*---------------------------- Constants -----------------------------*/
-
-#define kMouseResolution 6              // Mouse position has to differ
-                                        // from the last one by this
-                                        // much to be entered
-#define kMousePositionEntropy 5.16      // log2 (kMouseResolution**2)
-#define kTypicalMouseIdleTicks 300.0    // I am guessing that a typical
-                                        // amount of time between mouse
-                                        // moves is 5 seconds
-#define kVolumeBytesEntropy 12.0        // about log2 (20000/4),
-                                        // assuming a variation of 20K
-                                        // in total file size and
-                                        // long-aligned file formats.
-#define kApplicationUpTimeEntropy 6.0   // Variance > 1 second, uptime
-                                        // in ticks  
-#define kSysStartupEntropy 7.0          // Entropy for machine startup
-                                        // time
-
-
-/*------------------------ Function definitions ----------------------*/
-
-CRandomizer::CRandomizer (void)
-{
-        long    result;
-        
-        mSupportsLargeVolumes =
-                (Gestalt(gestaltFSAttr, &result) == noErr) &&
-                ((result & (1L << gestaltFSSupports2TBVols)) != 0);
-        
-        if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
-        {
-                mIsPowerPC = false;
-                mIs601 = false;
-        }
-        else
-        {
-                mIs601 = (result == gestaltCPU601);
-                mIsPowerPC = (result >= gestaltCPU601);
-        }
-        mLastMouse.h = mLastMouse.v = -10;      // First mouse will
-                                                // always be recorded
-        mLastPeriodicTicks = TickCount();
-        GetTimeBaseResolution ();
-        
-        // Add initial entropy
-        AddTimeSinceMachineStartup ();
-        AddAbsoluteSystemStartupTime ();
-        AddStartupVolumeInfo ();
-        AddFiller ();
-}
-
-void CRandomizer::PeriodicAction (void)
-{
-        AddCurrentMouse ();
-        AddNow (0.0);   // Should have a better entropy estimate here
-        mLastPeriodicTicks = TickCount();
-}
-
-/*------------------------- Private Methods --------------------------*/
-
-void CRandomizer::AddCurrentMouse (void)
-{
-        Point mouseLoc;
-        unsigned long lastCheck;        // Ticks since mouse was last
-                                        // sampled
-
-#if TARGET_API_MAC_CARBON
-        GetGlobalMouse (&mouseLoc);
-#else
-        mouseLoc = LMGetMouseLocation();
-#endif
-        
-        if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
-            labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
-                AddBytes (&mouseLoc, sizeof (mouseLoc),
-                                kMousePositionEntropy);
-        
-        if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
-                mMouseStill ++;
-        else
-        {
-                double entropy;
-                
-                // Mouse has moved. Add the number of measurements for
-                // which it's been still. If the resolution is too
-                // coarse, assume the entropy is 0.
-
-                lastCheck = TickCount() - mLastPeriodicTicks;
-                if (lastCheck <= 0)
-                        lastCheck = 1;
-                entropy = log2l
-                        (kTypicalMouseIdleTicks/(double)lastCheck);
-                if (entropy < 0.0)
-                        entropy = 0.0;
-                AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
-                mMouseStill = 0;
-        }
-        mLastMouse = mouseLoc;
-}
-
-void CRandomizer::AddAbsoluteSystemStartupTime (void)
-{
-        unsigned long   now;            // Time in seconds since
-                                        // 1/1/1904
-        GetDateTime (&now);
-        now -= TickCount() / 60;        // Time in ticks since machine
-                                        // startup
-        AddBytes (&now, sizeof (now), kSysStartupEntropy);
-}
-
-void CRandomizer::AddTimeSinceMachineStartup (void)
-{
-        AddNow (1.5);                   // Uncertainty in app startup
-                                        // time is > 1.5 msec (for
-                                        // automated app startup).
-}
-
-void CRandomizer::AddAppRunningTime (void)
-{
-        ProcessSerialNumber PSN;
-        ProcessInfoRec          ProcessInfo;
-        
-        ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
-        ProcessInfo.processName = nil;
-        ProcessInfo.processAppSpec = nil;
-        
-        GetCurrentProcess (&PSN);
-        GetProcessInformation (&PSN, &ProcessInfo);
-
-        // Now add the amount of time in ticks that the current process
-        // has been active
-
-        AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
-                        kApplicationUpTimeEntropy);
-}
-
-void CRandomizer::AddStartupVolumeInfo (void)
-{
-        short                   vRefNum;
-        long                    dirID;
-        XVolumeParam    pb;
-        OSErr                   err;
-        
-        if (!mSupportsLargeVolumes)
-                return;
-                
-        FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
-                        &vRefNum, &dirID);
-        pb.ioVRefNum = vRefNum;
-        pb.ioCompletion = 0;
-        pb.ioNamePtr = 0;
-        pb.ioVolIndex = 0;
-        err = PBXGetVolInfoSync (&pb);
-        if (err != noErr)
-                return;
-                
-        // Base the entropy on the amount of space used on the disk and
-        // on the next available allocation block. A lot else might be
-        // unpredictable, so might as well toss the whole block in. See
-        // comments for entropy estimate justifications.
-
-        AddBytes (&pb, sizeof (pb),
-                kVolumeBytesEntropy +
-                log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
-                                * 4294967296.0D +
-                        (pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
-                                / pb.ioVAlBlkSiz - 3.0));
-}
-
-/*
-        On a typical startup CRandomizer will come up with about 60
-        bits of good, unpredictable data. Assuming no more input will
-        be available, we'll need some more lower-quality data to give
-        OpenSSL the 128 bits of entropy it desires. AddFiller adds some
-        relatively predictable data into the soup.
-*/
-
-void CRandomizer::AddFiller (void)
-{
-        struct
-        {
-                ProcessSerialNumber psn;        // Front process serial
-                                                // number
-                RGBColor        hiliteRGBValue; // User-selected
-                                                // highlight color
-                long            processCount;   // Number of active
-                                                // processes
-                long            cpuSpeed;       // Processor speed
-                long            totalMemory;    // Total logical memory
-                                                // (incl. virtual one)
-                long            systemVersion;  // OS version
-                short           resFile;        // Current resource file
-        } data;
-        
-        GetNextProcess ((ProcessSerialNumber*) kNoProcess);
-        while (GetNextProcess (&data.psn) == noErr)
-                data.processCount++;
-        GetFrontProcess (&data.psn);
-        LMGetHiliteRGB (&data.hiliteRGBValue);
-        Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
-        Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
-        Gestalt (gestaltSystemVersion, &data.systemVersion);
-        data.resFile = CurResFile ();
-        
-        // Here we pretend to feed the PRNG completely random data. This
-        // is of course false, as much of the above data is predictable
-        // by an outsider. At this point we don't have any more
-        // randomness to add, but with OpenSSL we must have a 128 bit
-        // seed before we can start. We just add what we can, without a
-        // real entropy estimate, and hope for the best.
-
-        AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
-        AddCurrentMouse ();
-        AddNow (1.0);
-}
-
-//-------------------  LOW LEVEL ---------------------
-
-void CRandomizer::AddBytes (void *data, long size, double entropy)
-{
-        RAND_add (data, size, entropy * 0.125); // Convert entropy bits
-                                                // to bytes
-}
-
-void CRandomizer::AddNow (double millisecondUncertainty)
-{
-        long time = SysTimer();
-        AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
-                        mTimebaseTicksPerMillisec));
-}
-
-//----------------- TIMING SUPPORT ------------------
-
-void CRandomizer::GetTimeBaseResolution (void)
-{       
-#ifdef __powerc
-        long speed;
-        
-        // gestaltProcClkSpeed available on System 7.5.2 and above
-        if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
-                // Only PowerPCs running pre-7.5.2 are 60-80 MHz
-                // machines.
-                mTimebaseTicksPerMillisec =  6000.0D;
-        // Assume 10 cycles per clock update, as in 601 spec. Seems true
-        // for later chips as well.
-        mTimebaseTicksPerMillisec = speed / 1.0e4D;
-#else
-        // 68K VIA-based machines (see Develop Magazine no. 29)
-        mTimebaseTicksPerMillisec = 783.360D;
-#endif
-}
-
-unsigned long CRandomizer::SysTimer (void)      // returns the lower 32
-                                                // bit of the chip timer
-{
-#ifdef __powerc
-        return GetPPCTimer (mIs601);
-#else
-        UnsignedWide usec;
-        Microseconds (&usec);
-        return usec.lo;
-#endif
-}
-
-#ifdef __powerc
-// The timebase is available through mfspr on 601, mftb on later chips.
-// Motorola recommends that an 601 implementation map mftb to mfspr
-// through an exception, but I haven't tested to see if MacOS actually
-// does this. We only sample the lower 32 bits of the timer (i.e. a
-// few minutes of resolution)
-
-asm unsigned long GetPPCTimer (register bool is601)
-{
-        cmplwi  is601, 0        // Check if 601
-        bne     _601            // if non-zero goto _601
-        mftb    r3              // Available on 603 and later.
-        blr                     // return with result in r3
-_601:
-        mfspr r3, spr5          // Available on 601 only.
-                                // blr inserted automatically
-}
-#endif
diff --git a/src/lib/libssl/src/MacOS/Randomizer.h b/src/lib/libssl/src/MacOS/Randomizer.h
deleted file mode 100644
index 565537b15d..0000000000
--- a/src/lib/libssl/src/MacOS/Randomizer.h
+++ /dev/null
@@ -1,43 +0,0 @@
-
-//      Gathers unpredictable system data to be used for generating
-//      random bits
-
-#include <MacTypes.h>
-
-class CRandomizer
-{
-public:
-        CRandomizer (void);
-        void PeriodicAction (void);
-        
-private:
-
-        // Private calls
-
-        void            AddTimeSinceMachineStartup (void);
-        void            AddAbsoluteSystemStartupTime (void);
-        void            AddAppRunningTime (void);
-        void            AddStartupVolumeInfo (void);
-        void            AddFiller (void);
-
-        void            AddCurrentMouse (void);
-        void            AddNow (double millisecondUncertainty);
-        void            AddBytes (void *data, long size, double entropy);
-        
-        void            GetTimeBaseResolution (void);
-        unsigned long   SysTimer (void);
-
-        // System Info  
-        bool            mSupportsLargeVolumes;
-        bool            mIsPowerPC;
-        bool            mIs601;
-        
-        // Time info
-        double          mTimebaseTicksPerMillisec;
-        unsigned long   mLastPeriodicTicks;
-        
-        // Mouse info
-        long            mSamplePeriod;
-        Point           mLastMouse;
-        long            mMouseStill;
-};
diff --git a/src/lib/libssl/src/MacOS/TODO b/src/lib/libssl/src/MacOS/TODO
deleted file mode 100644
index 903eb133de..0000000000
--- a/src/lib/libssl/src/MacOS/TODO
+++ /dev/null
@@ -1,18 +0,0 @@
--------------------------------------------------------------------
-Verify server certificate
--------------------------------------------------------------------
-Currently omitted from the project:
-
-        crypto/tmdiff.c
-        crypto/bio/bss_conn.c
-        crypto/bio/b_sock.c
-        crypto/bio/bss_acpt.c
-        crypto/bio/bss_log.h
-
--------------------------------------------------------------------
-Build libraries to link with...
--------------------------------------------------------------------
-Port openssl application.
--------------------------------------------------------------------
-BN optimizations (currently PPC version is compiled with BN_LLONG)
--------------------------------------------------------------------
diff --git a/src/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h b/src/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h
deleted file mode 100644
index fe6b5387d6..0000000000
--- a/src/lib/libssl/src/MacOS/_MWERKS_GUSI_prefix.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#include <MacHeaders.h>
-#define B_ENDIAN
-#ifdef __POWERPC__
-#pragma longlong on
-#endif
-#if 1
-#define MAC_OS_GUSI_SOURCE
-#endif
-#define MONOLITH
diff --git a/src/lib/libssl/src/MacOS/_MWERKS_prefix.h b/src/lib/libssl/src/MacOS/_MWERKS_prefix.h
deleted file mode 100644
index 2189da753b..0000000000
--- a/src/lib/libssl/src/MacOS/_MWERKS_prefix.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#include <MacHeaders.h>
-#define B_ENDIAN
-#ifdef __POWERPC__
-#pragma longlong on
-#endif
-#if 0
-#define MAC_OS_GUSI_SOURCE
-#endif
-#define MONOLITH
diff --git a/src/lib/libssl/src/MacOS/buildinf.h b/src/lib/libssl/src/MacOS/buildinf.h
deleted file mode 100644
index 90875b6e2f..0000000000
--- a/src/lib/libssl/src/MacOS/buildinf.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#ifndef MK1MF_BUILD
-#  define CFLAGS        "-DB_ENDIAN"
-#  define PLATFORM      "macos"
-#  define DATE          "Sun Feb 27 19:44:16 MET 2000"
-#endif
diff --git a/src/lib/libssl/src/MacOS/mklinks.as.hqx b/src/lib/libssl/src/MacOS/mklinks.as.hqx
deleted file mode 100644
index fe3e7d53da..0000000000
--- a/src/lib/libssl/src/MacOS/mklinks.as.hqx
+++ /dev/null
@@ -1,820 +0,0 @@
-(This file must be converted with BinHex 4.0)
-
-:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
-!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
-cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
-%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
-!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
-#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
-#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
-!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
-Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
-X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
-[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
-d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
-dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
-!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
-f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
-KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
-SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
-JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
-J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
-&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
-!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
-J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
-%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
-m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
-rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
-!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
-2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
--m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
-`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
--h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
-!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
-!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
--$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
--hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
-mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
-!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
-13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
-r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
-2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
-`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
-!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
-Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
-TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
-KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
-!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
-`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
-X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
-!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
-%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
-`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
-XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
-N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
-!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
-!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
-!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
-KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
-XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
-!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
-!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
-TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
-!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
-dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
-dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
-!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
-A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
-!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
-NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
-U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
-!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
-`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
-!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
-rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
-Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
-!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
-d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
-q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
-+rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
-0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
-Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
-dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
-#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
-!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
-SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
-!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
-NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
-!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
-!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
-P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
-"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
-849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
-dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
-K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
-Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
-!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
-0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
-XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
-U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
-dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
-!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
-cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
-!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
-UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
-0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
-'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
-!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
-XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
-!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
-!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
-!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
-JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
-mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
-!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
-d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
-!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
-#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
-ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
-0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
-U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
-irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
-(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
-!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
-Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
-!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
-Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
-!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
-KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
-U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
-Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
-#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
-!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
-bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
-!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
-!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
-+rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
-!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
-dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
-MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
-[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
-0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
-[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
-dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
-i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
-Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
-rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
-#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
-#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
-dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
-!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
-#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
-!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
--!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
-!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
-bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
-dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
-6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
-!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
-rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
-U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
-"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
-2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
-eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
-rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
-%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
-!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
-S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
-f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
-"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
-3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
-rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
-rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
-`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
-+rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
-rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
-h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
-LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
-rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
-!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
-!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
-KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
-!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
-""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
-eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
-+B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
-MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
-dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
-J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
-Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
-C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
-'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
-9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
-r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
-!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
-KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
-bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
-X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
-J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
-PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
-'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
-'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
-#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
-`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
-!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
-",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
-NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
-!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
-#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
-d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
-r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
-!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
--5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
-Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
-"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
-"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
-"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
-2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
-[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
-!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
-KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
-!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
-8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
-r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
-NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
-V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
-+CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
-r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
-YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
-B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
-l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
-"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
-`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
-+rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
-r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
-%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
-G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
-XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
-!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
-ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
-B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
-#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
-!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
-3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
-"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
-0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
-X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
-XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
-[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
-!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
-"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
-!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
-[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
-"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
-b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
-3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
-0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
-dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
-PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
-4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
-d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
-!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
-"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
-!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
-dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
-qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
-!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
-b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
-qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
-qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
-S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
-+rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
-ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
-[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
-ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
-,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
-$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
-L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
-S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
-0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
-p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
-XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
-KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
-QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
-S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
-0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
-!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
-[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
-"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
-b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
-3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
-5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
-dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
-X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
-"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
-!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
-TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
-qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
-+rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
-$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
-!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
-!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
-[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
-KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
-%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
-#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
-"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
-q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
-p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
-P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
-0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
-fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
-,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
-$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
-L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
-S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
-!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
-#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
-eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
-+B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
-MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
-dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
-J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
-Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
-MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
-!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
-!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
-`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
-j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
-S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
-MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
-#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
-#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
-cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
-H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
-D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
-#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
-`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
-!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
-#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
-NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
-!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
-f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
-!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
-$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
-[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
-66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
-%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
--!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
-"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
-#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
-X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
-[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
-!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
-dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
-!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
-%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
-q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
-PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
-+rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
-QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
-#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
-3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
-#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
-ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
-!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
-dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
-%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
-ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
-`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
-b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
-!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
-!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
-!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
-qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
-@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
-`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
-[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
-$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
-!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
-#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
-l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
-PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
-Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
-q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
-"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
-#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
-'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
-`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
-!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
-dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
-X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
-"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
-d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
-!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
-#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
-9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
-YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
-(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
-J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
-[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
-!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
-*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
-!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
-q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
-!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
--5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
-H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
-#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
-!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
-#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
-"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
-TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
-X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
-BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
-i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
-&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
-X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
-a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
-!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
-MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
--!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
-!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
-bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
-+!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
-d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
-!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
-#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
-!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
-`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
-!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
-0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
-XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
-!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
-')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
-J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
-q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
-!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
--5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
-h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
-#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
-[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
-Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
-#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
-QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
-&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
-dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
-!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
-'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
-#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
-PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
-+rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
-QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
-p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
-`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
-!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
-'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
-+!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
-)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
-pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
-e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
-+D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
-!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
-NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
-#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
-!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
-8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
-pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
-l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
-bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
-"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
-!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
-Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
-'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
-$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
-`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
-#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
-'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
-`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
-$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
-b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
-`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
-!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
-3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
-U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
-(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
-3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
-eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
-pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
-%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
-pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
-YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
-*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
-T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
-$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
-!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
-$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
-9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
-$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
-,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
-'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
-$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
-`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
-p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
-!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
-!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
-KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
-!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
-S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
-ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
-%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
-+BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
-KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
-J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
-c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
-%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
-[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
-$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
-!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
-D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
-`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
-[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
-ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
-$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
-`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
-S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
-(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
-0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
-dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
-$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
-$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
-+rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
-pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
-A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
-cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
-!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
-F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
-$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
-QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
-%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
-S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
-!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
--rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
-$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
-QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
-pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
-TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
-a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
-KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
-$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
-pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
-"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
-!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
-pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
-j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
-+D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
-!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
-NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
-#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
-L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
-pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
-R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
-!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
-!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
-0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
-6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
-XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
-KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
-QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
-S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
-0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
-Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
-+BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
-!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
-!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
-)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
-D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
-PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
-+r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
-QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
-c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
-)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
-!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
-!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
-dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
-,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
-2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
-$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
-p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
-Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
-eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
-%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
-)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
-Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
-!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
-%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
-,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
-p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
-,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
-'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
-%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
-X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
-p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
-@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
-XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
-KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
-QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
-S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
-0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
-!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
-QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
-b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
-bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
-Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
-d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
-cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
-!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
-%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
-#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
-[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
-*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
-$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
-%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
-*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
-ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
-P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
-!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
-*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
-%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
-!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
-1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
-+r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
-XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
-!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
-P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
-+r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
-cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
-p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
-U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
-*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
-Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
-eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
-mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
-%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
-X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
-NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
-##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
-B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
-+DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
-cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
-!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
-3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
-!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
-ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
-U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
-!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
-3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
-mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
-N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
-PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
-+G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
-%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
-+r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
-!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
-"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
-!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
-3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
-meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
-8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
-PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
-+G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
-%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
-2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
-4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
-%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
-%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
-+r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
-ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
-NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
-A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
-PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
-Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
-ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
-"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
-!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
-!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
-!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
-0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
-!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
-!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
-Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
-Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
-U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
-!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
-3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
-[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
-NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
-jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
-bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
-`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
-SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
-K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
-[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
-#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
-mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
-!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
-q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
-5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
-R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
-Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
-QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
-mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
-+BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
-S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
-Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
-[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
-dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
-H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
-[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
-cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
-U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
-%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
-!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
-k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
-`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
-a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
-4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
-Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
-Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
-B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
-K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
-K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
-K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
-`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
-Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
-T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
-CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
-SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
-2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
-!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
-!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
-!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
-!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
-!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
-!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
-!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
-Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
-K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
--!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
-K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
-I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
-K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
-K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
-K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
-!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
-9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
-X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
-I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
-K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
-K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
-K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
-!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
-!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
-K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
-P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
-2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
-[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
-[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
-!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
-!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
-!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
-!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
-[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
-UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
-!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
-T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
-I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
-!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
-[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
-!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
-!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
-K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
-!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
-K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
-[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
-1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
-%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
-VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
-Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
-XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
-!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
-Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
-cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
-eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
-b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
-!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
-139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
-'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
-%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
-,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
-`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
-!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
-KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
-Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
-cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
-#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
-LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
-UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
-!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
-!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
-!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
-i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
-!*4S:
diff --git a/src/lib/libssl/src/MacOS/opensslconf.h b/src/lib/libssl/src/MacOS/opensslconf.h
deleted file mode 100644
index ad557cc06a..0000000000
--- a/src/lib/libssl/src/MacOS/opensslconf.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/* MacOS/opensslconf.h */
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if defined(HEADER_DES_H) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#if __option(longlong)
-#  define BN_LLONG
-#else
-#  undef BN_LLONG
-#endif
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#define DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#define DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-#endif /* HEADER_DES_LOCL_H */
-
-#ifndef __POWERPC__
-#define MD32_XARRAY
-#endif
diff --git a/src/lib/libssl/src/Makefile b/src/lib/libssl/src/Makefile
index d5db11b417..4a40b701d9 100644
--- a/src/lib/libssl/src/Makefile
+++ b/src/lib/libssl/src/Makefile
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.1c
+VERSION=1.0.1g
 MAJOR=1
 MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
@@ -71,7 +71,7 @@ RANLIB= /usr/bin/ranlib
 NM= nm
 PERL= /usr/bin/perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
 MAKEDEPPROG=makedepend
 LIBDIR=lib
 
@@ -304,7 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
                         FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
                         export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
                 fi; \
-                $(MAKE) -e SHLIBDIRS=crypto build-shared; \
+                $(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+                (touch -c fips_premain_dso$(EXE_EXT) || :); \
         else \
                 echo "There's no support for shared libraries on this platform" >&2; \
                 exit 1; \
@@ -446,7 +447,7 @@ rehash.time: certs apps
                 [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
                 OPENSSL_DEBUG_MEMORY=on; \
                 export OPENSSL OPENSSL_DEBUG_MEMORY; \
-                $(PERL) tools/c_rehash certs) && \
+                $(PERL) tools/c_rehash certs/demo) && \
                 touch rehash.time; \
         else :; fi
 
diff --git a/src/lib/libssl/src/Makefile.org b/src/lib/libssl/src/Makefile.org
index 55273ea364..c92806f920 100644
--- a/src/lib/libssl/src/Makefile.org
+++ b/src/lib/libssl/src/Makefile.org
@@ -69,7 +69,7 @@ RANLIB= ranlib
 NM= nm
 PERL= perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
 MAKEDEPPROG=makedepend
 LIBDIR=lib
 
@@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
                         FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
                         export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
                 fi; \
-                $(MAKE) -e SHLIBDIRS=crypto build-shared; \
+                $(MAKE) -e SHLIBDIRS=crypto  CC="$${CC:-$(CC)}" build-shared && \
+                (touch -c fips_premain_dso$(EXE_EXT) || :); \
         else \
                 echo "There's no support for shared libraries on this platform" >&2; \
                 exit 1; \
@@ -444,7 +445,7 @@ rehash.time: certs apps
                 [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
                 OPENSSL_DEBUG_MEMORY=on; \
                 export OPENSSL OPENSSL_DEBUG_MEMORY; \
-                $(PERL) tools/c_rehash certs) && \
+                $(PERL) tools/c_rehash certs/demo) && \
                 touch rehash.time; \
         else :; fi
 
diff --git a/src/lib/libssl/src/NEWS b/src/lib/libssl/src/NEWS
index 4f069cbd14..ed486d146d 100644
--- a/src/lib/libssl/src/NEWS
+++ b/src/lib/libssl/src/NEWS
@@ -5,24 +5,49 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
+  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+      o Fix for CVE-2014-0160
+      o Add TLS padding extension workaround for broken servers.
+      o Fix for CVE-2014-0076
+
+  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+
+      o Don't include gmt_unix_time in TLS server and client random values
+      o Fix for TLS record tampering bug CVE-2013-4353
+      o Fix for TLS version checking bug CVE-2013-6449
+      o Fix for DTLS retransmission bug CVE-2013-6450
+
+  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
+
+      o Corrected fix for CVE-2013-0169
+
+  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
+
+      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+      o Include the fips configuration module.
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
 
       o Fix TLS/DTLS record length checking bug CVE-2012-2333
       o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
 
-  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
+  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
 
       o Fix compilation error on non-x86 platforms.
       o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
       o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
 
-  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
+  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
 
       o Fix for ASN1 overflow bug CVE-2012-2110
       o Workarounds for some servers that hang on long client hellos.
       o Fix SEGV in AES code.
 
-  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
 
       o TLS/DTLS heartbeat support.
       o SCTP support.
@@ -35,17 +60,30 @@
       o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
       o SRP support.
 
-  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
+  Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
+
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+
+  Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
+
+      o Fix DTLS record length checking bug CVE-2012-2333
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+
+  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
 
       o Fix for CMS/PKCS#7 MMA CVE-2012-0884
       o Corrected fix for CVE-2011-4619
       o Various DTLS fixes.
 
-  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
+  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
 
       o Fix for DTLS DoS issue CVE-2012-0050
 
-  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
+  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
 
       o Fix for DTLS plaintext recovery attack CVE-2011-4108
       o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
@@ -53,7 +91,7 @@
       o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
       o Check for malformed RFC3779 data CVE-2011-4577
 
-  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
 
       o Fix for CRL vulnerability issue CVE-2011-3207
       o Fix for ECDH crashes CVE-2011-3210
@@ -61,11 +99,11 @@
       o Support ECDH ciphersuites for certificates using SHA2 algorithms.
       o Various DTLS fixes.
 
-  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
+  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
 
       o Fix for security issue CVE-2011-0014
 
-  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
+  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
 
       o Fix for security issue CVE-2010-4180
       o Fix for CVE-2010-4252
@@ -73,18 +111,18 @@
       o Fix various platform compilation issues.
       o Corrected fix for security issue CVE-2010-3864.
 
-  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
+  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
 
       o Fix for security issue CVE-2010-3864.
       o Fix for CVE-2010-2939
       o Fix WIN32 build system for GOST ENGINE.
 
-  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
+  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
 
       o Fix for security issue CVE-2010-1633.
       o GOST MAC and CFB fixes.
 
-  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0:
+  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
 
       o RFC3280 path validation: sufficient to process PKITS tests.
       o Integrated support for PVK files and keyblobs.
@@ -107,20 +145,55 @@
       o Opaque PRF Input TLS extension support.
       o Updated time routines to avoid OS limitations.
 
-  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
+  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+
+  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+      o Fix DTLS record length checking bug CVE-2012-2333
+
+  Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+
+      o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+
+  Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+
+  Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
+  Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+
+      o Fix for DTLS plaintext recovery attack CVE-2011-4108
+      o Fix policy check double free error CVE-2011-4109
+      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+      o Check for malformed RFC3779 data CVE-2011-4577
+
+  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
 
       o Fix for security issue CVE-2011-0014
 
-  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
+  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
 
       o Fix for security issue CVE-2010-4180
       o Fix for CVE-2010-4252
 
-  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
+  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
 
       o Fix for security issue CVE-2010-3864.
 
-  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
+  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
 
       o Fix for security issue CVE-2010-0742.
       o Various DTLS fixes.
@@ -128,12 +201,12 @@
       o Fix for no-rc4 compilation.
       o Chil ENGINE unload workaround.
 
-  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
+  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
 
       o CFB cipher definition fixes.
       o Fix security issues CVE-2010-0740 and CVE-2010-0433.
 
-  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
+  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
 
       o Cipher definition fixes.
       o Workaround for slow RAND_poll() on some WIN32 versions.
@@ -145,33 +218,33 @@
       o Ticket and SNI coexistence fixes.
       o Many fixes to DTLS handling. 
 
-  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
+  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
 
       o Temporary work around for CVE-2009-3555: disable renegotiation.
 
-  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
+  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
 
       o Fix various build issues.
       o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
 
-  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
+  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
 
       o Fix security issue (CVE-2008-5077)
       o Merge FIPS 140-2 branch code.
 
-  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h:
+  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
 
       o CryptoAPI ENGINE support.
       o Various precautionary measures.
       o Fix for bugs affecting certificate request creation.
       o Support for local machine keyset attribute in PKCS#12 files.
 
-  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g:
+  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
 
       o Backport of CMS functionality to 0.9.8.
       o Fixes for bugs introduced with 0.9.8f.
 
-  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f:
+  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
 
       o Add gcc 4.2 support.
       o Add support for AES and SSE2 assembly lanugauge optimization
@@ -182,23 +255,23 @@
       o RFC4507bis support.
       o TLS Extensions support.
 
-  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
+  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
 
       o Various ciphersuite selection fixes.
       o RFC3779 support.
 
-  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
+  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
 
       o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
       o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
       o Changes to ciphersuite selection algorithm
 
-  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
 
       o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
       o New cipher Camellia
 
-  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
 
       o Cipher string fixes.
       o Fixes for VC++ 2005.
@@ -208,12 +281,12 @@
       o Built in dynamic engine compilation support on Win32.
       o Fixes auto dynamic engine loading in Win32.
 
-  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
 
       o Fix potential SSL 2.0 rollback, CVE-2005-2969
       o Extended Windows CE support
 
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
 
       o Major work on the BIGNUM library for higher efficiency and to
         make operations more streamlined and less contradictory.  This
@@ -287,36 +360,36 @@
       o Added initial support for Win64.
       o Added alternate pkg-config files.
 
-  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
+  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
 
       o FIPS 1.1.1 module linking.
       o Various ciphersuite selection fixes.
 
-  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
+  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
 
       o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
       o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
 
-  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
 
       o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
 
-  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
 
       o Visual C++ 2005 fixes.
       o Update Windows build system for FIPS.
 
-  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
 
       o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
 
-  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
 
       o Fix SSL 2.0 Rollback, CVE-2005-2969
       o Allow use of fixed-length exponent on DSA signing
       o Default fixed-window RSA, DSA, DH private-key operations
 
-  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
+  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
 
       o More compilation issues fixed.
       o Adaptation to more modern Kerberos API.
@@ -325,7 +398,7 @@
       o More constification.
       o Added processing of proxy certificates (RFC 3820).
 
-  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
+  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
 
       o Several compilation issues fixed.
       o Many memory allocation failure checks added.
@@ -333,12 +406,12 @@
       o Mandatory basic checks on certificates.
       o Performance improvements.
 
-  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
+  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
 
       o Fix race condition in CRL checking code.
       o Fixes to PKCS#7 (S/MIME) code.
 
-  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
 
       o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
       o Security: Fix null-pointer assignment in do_change_cipher_spec()
@@ -346,14 +419,14 @@
       o Multiple X509 verification fixes
       o Speed up HMAC and other operations
 
-  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
 
       o Security: fix various ASN1 parsing bugs.
       o New -ignore_err option to OCSP utility.
       o Various interop and bug fixes in S/MIME code.
       o SSL/TLS protocol fix for unrequested client certificates.
 
-  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
+  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
         Bleichbacher's attack 
@@ -364,7 +437,7 @@
       o ASN.1: treat domainComponent correctly.
       o Documentation: fixes and additions.
 
-  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
+  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
 
       o Security: Important security related bugfixes.
       o Enhanced compatibility with MIT Kerberos.
@@ -375,7 +448,7 @@
       o SSL/TLS: now handles manual certificate chain building.
       o SSL/TLS: certain session ID malfunctions corrected.
 
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
 
       o New library section OCSP.
       o Complete rewrite of ASN1 code.
@@ -421,23 +494,23 @@
       o SSL/TLS: add callback to retrieve SSL/TLS messages.
       o SSL/TLS: support AES cipher suites (RFC3268).
 
-  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
 
       o Security: fix various ASN1 parsing bugs.
       o SSL/TLS protocol fix for unrequested client certificates.
 
-  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
 
       o Security: counter the Klima-Pokorny-Rosa extension of
         Bleichbacher's attack 
       o Security: make RSA blinding default.
       o Build: shared library support fixes.
 
-  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
+  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
 
       o Important security related bugfixes.
 
-  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
 
       o New configuration targets for Tandem OSS and A/UX.
       o New OIDs for Microsoft attributes.
@@ -451,25 +524,25 @@
       o Fixes for smaller building problems.
       o Updates of manuals, FAQ and other instructive documents.
 
-  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
 
       o Important building fixes on Unix.
 
-  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
 
       o Various important bugfixes.
 
-  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
 
       o Important security related bugfixes.
       o Various SSL/TLS library bugfixes.
 
-  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
 
       o Various SSL/TLS library bugfixes.
       o Fix DH parameter generation for 'non-standard' generators.
 
-  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
 
       o Various SSL/TLS library bugfixes.
       o BIGNUM library fixes.
@@ -482,7 +555,7 @@
         Broadcom and Cryptographic Appliance's keyserver
         [in 0.9.6c-engine release].
 
-  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
 
       o Security fix: PRNG improvements.
       o Security fix: RSA OAEP check.
@@ -499,7 +572,7 @@
       o Increase default size for BIO buffering filter.
       o Compatibility fixes in some scripts.
 
-  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
 
       o Security fix: change behavior of OpenSSL to avoid using
         environment variables when running as root.
@@ -524,7 +597,7 @@
       o New function BN_rand_range().
       o Add "-rand" option to openssl s_client and s_server.
 
-  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
 
       o Some documentation for BIO and SSL libraries.
       o Enhanced chain verification using key identifiers.
@@ -539,7 +612,7 @@
     [1] The support for external crypto devices is currently a separate
         distribution.  See the file README.ENGINE.
 
-  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
 
       o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
       o Shared library support for HPUX and Solaris-gcc
@@ -548,7 +621,7 @@
       o New 'rand' application
       o New way to check for existence of algorithms from scripts
 
-  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
 
       o S/MIME support in new 'smime' command
       o Documentation for the OpenSSL command line application
@@ -584,7 +657,7 @@
       o Enhanced support for Alpha Linux
       o Experimental MacOS support
 
-  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
 
       o Transparent support for PKCS#8 format private keys: these are used
         by several software packages and are more secure than the standard
@@ -595,7 +668,7 @@
       o New pipe-like BIO that allows using the SSL library when actual I/O
         must be handled by the application (BIO pair)
 
-  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
       o Lots of enhancements and cleanups to the Configuration mechanism
       o RSA OEAP related fixes
       o Added `openssl ca -revoke' option for revoking a certificate
@@ -609,7 +682,7 @@
       o Sparc assembler bignum implementation, optimized hash functions
       o Option to disable selected ciphers
 
-  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
       o Fixed a security hole related to session resumption
       o Fixed RSA encryption routines for the p < q case
       o "ALL" in cipher lists now means "everything except NULL ciphers"
@@ -631,7 +704,7 @@
       o Lots of memory leak fixes.
       o Lots of bug fixes.
 
-  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
       o Integration of the popular NO_RSA/NO_DSA patches
       o Initial support for compression inside the SSL record layer
       o Added BIO proxy and filtering functionality
diff --git a/src/lib/libssl/src/Netware/build.bat b/src/lib/libssl/src/Netware/build.bat
deleted file mode 100644
index 3125c2a487..0000000000
--- a/src/lib/libssl/src/Netware/build.bat
+++ /dev/null
@@ -1,235 +0,0 @@
-@echo off
-
-rem ========================================================================
-rem   Batch file to automate building OpenSSL for NetWare.
-rem
-rem   usage:
-rem      build [target] [debug opts] [assembly opts] [configure opts]
-rem
-rem      target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-rem                    - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
-rem                    - "netware-libc" - LibC NetWare build (WinSock Sockets)
-rem                    - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
-rem 
-rem      debug opts    - "debug"  - build debug
-rem
-rem      assembly opts - "nw-mwasm" - use Metrowerks assembler
-rem                    - "nw-nasm"  - use NASM assembler
-rem                    - "no-asm"   - don't use assembly
-rem
-rem      configure opts- all unrecognized arguments are passed to the
-rem                       perl configure script
-rem
-rem   If no arguments are specified the default is to build non-debug with
-rem   no assembly.  NOTE: there is no default BLD_TARGET.
-rem
-
-
-
-rem   No assembly is the default - Uncomment section below to change
-rem   the assembler default
-set ASM_MODE=
-set ASSEMBLER=
-set NO_ASM=no-asm
-
-rem   Uncomment to default to the Metrowerks assembler
-rem set ASM_MODE=nw-mwasm
-rem set ASSEMBLER=Metrowerks
-rem set NO_ASM=
-
-rem   Uncomment to default to the NASM assembler
-rem set ASM_MODE=nw-nasm
-rem set ASSEMBLER=NASM
-rem set NO_ASM=
-
-rem   No default Bld target
-set BLD_TARGET=no_target
-rem set BLD_TARGET=netware-clib
-rem set BLD_TARGET=netware-libc
-
-
-rem   Default to build non-debug
-set DEBUG=
-                                    
-rem   Uncomment to default to debug build
-rem set DEBUG=debug
-
-
-set CONFIG_OPTS=
-set ARG_PROCESSED=NO
-
-
-rem   Process command line args
-:opts
-if "a%1" == "a" goto endopt
-if "%1" == "no-asm"   set NO_ASM=no-asm
-if "%1" == "no-asm"   set ARG_PROCESSED=YES
-if "%1" == "debug"    set DEBUG=debug
-if "%1" == "debug"    set ARG_PROCESSED=YES
-if "%1" == "nw-nasm"  set ASM_MODE=nw-nasm
-if "%1" == "nw-nasm"  set ASSEMBLER=NASM
-if "%1" == "nw-nasm"  set NO_ASM=
-if "%1" == "nw-nasm"  set ARG_PROCESSED=YES
-if "%1" == "nw-mwasm" set ASM_MODE=nw-mwasm
-if "%1" == "nw-mwasm" set ASSEMBLER=Metrowerks
-if "%1" == "nw-mwasm" set NO_ASM=
-if "%1" == "nw-mwasm" set ARG_PROCESSED=YES
-if "%1" == "netware-clib" set BLD_TARGET=netware-clib
-if "%1" == "netware-clib" set ARG_PROCESSED=YES
-if "%1" == "netware-clib-bsdsock" set BLD_TARGET=netware-clib-bsdsock
-if "%1" == "netware-clib-bsdsock" set ARG_PROCESSED=YES
-if "%1" == "netware-libc" set BLD_TARGET=netware-libc
-if "%1" == "netware-libc" set ARG_PROCESSED=YES
-if "%1" == "netware-libc-bsdsock" set BLD_TARGET=netware-libc-bsdsock
-if "%1" == "netware-libc-bsdsock" set ARG_PROCESSED=YES
-
-rem   If we didn't recognize the argument, consider it an option for config
-if "%ARG_PROCESSED%" == "NO" set CONFIG_OPTS=%CONFIG_OPTS% %1
-if "%ARG_PROCESSED%" == "YES" set ARG_PROCESSED=NO
-
-shift
-goto opts
-:endopt
-
-rem make sure a valid BLD_TARGET was specified
-if "%BLD_TARGET%" == "no_target" goto no_target
-
-rem build the nlm make file name which includes target and debug info
-set NLM_MAKE=
-if "%BLD_TARGET%" == "netware-clib" set NLM_MAKE=netware\nlm_clib
-if "%BLD_TARGET%" == "netware-clib-bsdsock" set NLM_MAKE=netware\nlm_clib_bsdsock
-if "%BLD_TARGET%" == "netware-libc" set NLM_MAKE=netware\nlm_libc
-if "%BLD_TARGET%" == "netware-libc-bsdsock" set NLM_MAKE=netware\nlm_libc_bsdsock
-if "%DEBUG%" == "" set NLM_MAKE=%NLM_MAKE%.mak
-if "%DEBUG%" == "debug" set NLM_MAKE=%NLM_MAKE%_dbg.mak
-
-if "%NO_ASM%" == "no-asm" set ASM_MODE=
-if "%NO_ASM%" == "no-asm" set ASSEMBLER=
-if "%NO_ASM%" == "no-asm" set CONFIG_OPTS=%CONFIG_OPTS% no-asm
-if "%NO_ASM%" == "no-asm" goto do_config
-
-
-rem ==================================================
-echo Generating x86 for %ASSEMBLER% assembler
-
-echo Bignum
-cd crypto\bn\asm
-rem perl x86.pl %ASM_MODE% > bn-nw.asm
-perl bn-586.pl %ASM_MODE% > bn-nw.asm
-perl co-586.pl %ASM_MODE% > co-nw.asm
-cd ..\..\..
-
-echo AES
-cd crypto\aes\asm
-perl aes-586.pl %ASM_MODE% > a-nw.asm
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl %ASM_MODE% > d-nw.asm
-cd ..\..\..
-
-echo "crypt(3)"
-
-cd crypto\des\asm
-perl crypt586.pl %ASM_MODE% > y-nw.asm
-cd ..\..\..
-
-echo Blowfish
-
-cd crypto\bf\asm
-perl bf-586.pl %ASM_MODE% > b-nw.asm
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl %ASM_MODE% > c-nw.asm
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl %ASM_MODE% > r4-nw.asm
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl %ASM_MODE% > m5-nw.asm
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl %ASM_MODE% > s1-nw.asm
-perl sha256-586.pl %ASM_MODE% > sha256-nw.asm
-perl sha512-586.pl %ASM_MODE% > sha512-nw.asm
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl %ASM_MODE% > rm-nw.asm
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl %ASM_MODE% > r5-nw.asm
-cd ..\..\..
-
-echo WHIRLPOOL
-cd crypto\whrlpool\asm
-perl wp-mmx.pl %ASM_MODE% > wp-nw.asm
-cd ..\..\..
-
-echo CPUID
-cd crypto
-perl x86cpuid.pl %ASM_MODE% > x86cpuid-nw.asm
-cd ..\
-
-rem ===============================================================
-rem
-:do_config
-
-echo .
-echo configure options: %CONFIG_OPTS% %BLD_TARGET%
-echo .
-perl configure %CONFIG_OPTS% %BLD_TARGET%
-
-perl util\mkfiles.pl >MINFO
-
-echo .
-echo mk1mf.pl options: %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET%
-echo .
-perl util\mk1mf.pl %DEBUG% %ASM_MODE% %CONFIG_OPTS% %BLD_TARGET% >%NLM_MAKE%
-
-make -f %NLM_MAKE% vclean
-echo .
-echo The makefile "%NLM_MAKE%" has been created use your maketool to
-echo build (ex: make -f %NLM_MAKE%)
-goto end
-
-rem ===============================================================
-rem
-:no_target
-echo .
-echo .  No build target specified!!!
-echo .
-echo .  usage: build [target] [debug opts] [assembly opts] [configure opts]
-echo .
-echo .     target        - "netware-clib" - CLib NetWare build (WinSock Sockets)
-echo .                   - "netware-clib-bsdsock" - CLib NetWare build (BSD Sockets)
-echo .                   - "netware-libc" - LibC NetWare build (WinSock Sockets)
-echo .                   - "netware-libc-bsdsock" - LibC NetWare build (BSD Sockets)
-echo .
-echo .     debug opts    - "debug"  - build debug
-echo .
-echo .     assembly opts - "nw-mwasm" - use Metrowerks assembler
-echo .                     "nw-nasm"  - use NASM assembler
-echo .                     "no-asm"   - don't use assembly
-echo .
-echo .     configure opts- all unrecognized arguments are passed to the
-echo .                      perl configure script
-echo .
-echo .  If no debug or assembly opts are specified the default is to build
-echo .  non-debug without assembly
-echo .
-
-        
-:end        
diff --git a/src/lib/libssl/src/Netware/cpy_tests.bat b/src/lib/libssl/src/Netware/cpy_tests.bat
deleted file mode 100644
index 1583f28067..0000000000
--- a/src/lib/libssl/src/Netware/cpy_tests.bat
+++ /dev/null
@@ -1,113 +0,0 @@
-@echo off
-
-rem   Batch file to copy OpenSSL stuff to a NetWare server for testing
-
-rem   This batch file will create an "opensssl" directory at the root of the
-rem   specified NetWare drive and copy the required files to run the tests.
-rem   It should be run from inside the "openssl\netware" subdirectory.
-
-rem   Usage:
-rem      cpy_tests.bat <test subdirectory> <NetWare drive>
-rem          <test subdirectory> - out_nw.dbg | out_nw
-rem          <NetWare drive> - any mapped drive letter
-rem
-rem      example ( copy from debug build to m: dirve ):
-rem              cpy_tests.bat out_nw.dbg m:
-rem
-rem      CAUTION:  If a directory named OpenSSL exists on the target drive
-rem                it will be deleted first.
-
-
-if "%1" == "" goto usage
-if "%2" == "" goto usage
-
-rem   Assume running in \openssl directory unless cpy_tests.bat exists then
-rem   it must be the \openssl\netware directory
-set loc=.
-if exist cpy_tests.bat set loc=..
-
-rem   make sure the local build subdirectory specified is valid
-if not exist %loc%\%1\NUL goto invalid_dir
-
-rem   make sure target drive is valid
-if not exist %2\NUL goto invalid_drive
-
-rem   If an OpenSSL directory exists on the target drive, remove it
-if exist %2\openssl\NUL goto remove_openssl
-goto do_copy
-
-:remove_openssl
-echo .
-echo OpenSSL directory exists on %2 - it will be removed!
-pause
-rmdir %2\openssl /s /q
-
-:do_copy
-rem   make an "openssl" directory and others at the root of the NetWare drive
-mkdir %2\openssl
-mkdir %2\openssl\test_out
-mkdir %2\openssl\apps
-mkdir %2\openssl\certs
-mkdir %2\openssl\test
-
-
-rem   copy the test nlms
-copy %loc%\%1\*.nlm %2\openssl\
-
-rem   copy the test perl script
-copy %loc%\netware\do_tests.pl %2\openssl\
-
-rem   copy the certs directory stuff
-xcopy %loc%\certs\*.*         %2\openssl\certs\ /s
-
-rem   copy the test directory stuff
-copy %loc%\test\CAss.cnf      %2\openssl\test\
-copy %loc%\test\Uss.cnf       %2\openssl\test\
-copy %loc%\test\pkcs7.pem     %2\openssl\test\
-copy %loc%\test\pkcs7-1.pem   %2\openssl\test\
-copy %loc%\test\testcrl.pem   %2\openssl\test\
-copy %loc%\test\testp7.pem    %2\openssl\test\
-copy %loc%\test\testreq2.pem  %2\openssl\test\
-copy %loc%\test\testrsa.pem   %2\openssl\test\
-copy %loc%\test\testsid.pem   %2\openssl\test\
-copy %loc%\test\testx509.pem  %2\openssl\test\
-copy %loc%\test\v3-cert1.pem  %2\openssl\test\
-copy %loc%\test\v3-cert2.pem  %2\openssl\test\
-copy %loc%\crypto\evp\evptests.txt %2\openssl\test\
-
-rem   copy the apps directory stuff
-copy %loc%\apps\client.pem    %2\openssl\apps\
-copy %loc%\apps\server.pem    %2\openssl\apps\
-copy %loc%\apps\openssl.cnf   %2\openssl\apps\
-
-echo .
-echo Tests copied
-echo Run the test script at the console by typing:
-echo     "Perl \openssl\do_tests.pl"
-echo .
-echo Make sure the Search path includes the OpenSSL subdirectory
-
-goto end
-
-:invalid_dir
-echo.
-echo Invalid build directory specified: %1
-echo.
-goto usage
-
-:invalid_drive
-echo.
-echo Invalid drive: %2
-echo.
-goto usage
-
-:usage
-echo.
-echo usage: cpy_tests.bat [test subdirectory] [NetWare drive]
-echo     [test subdirectory] - out_nw_clib.dbg, out_nw_libc.dbg, etc. 
-echo     [NetWare drive]     - any mapped drive letter
-echo.
-echo example: cpy_test out_nw_clib.dbg M:
-echo  (copy from clib debug build area to M: drive)
-
-:end
diff --git a/src/lib/libssl/src/Netware/do_tests.pl b/src/lib/libssl/src/Netware/do_tests.pl
deleted file mode 100644
index ac482dbe2b..0000000000
--- a/src/lib/libssl/src/Netware/do_tests.pl
+++ /dev/null
@@ -1,624 +0,0 @@
-# perl script to run OpenSSL tests
-
-
-my $base_path      = "\\openssl";
-
-my $output_path    = "$base_path\\test_out";
-my $cert_path      = "$base_path\\certs";
-my $test_path      = "$base_path\\test";
-my $app_path       = "$base_path\\apps";
-
-my $tmp_cert       = "$output_path\\cert.tmp";
-my $OpenSSL_config = "$app_path\\openssl.cnf";
-my $log_file       = "$output_path\\tests.log";
-
-my $pause = 0;
-
-
-#  process the command line args to see if they wanted us to pause
-#  between executing each command
-foreach $i (@ARGV)
-{
-   if ($i =~ /^-p$/)
-   { $pause=1; }
-}
-
-
-
-main();
-
-
-############################################################################
-sub main()
-{
-   # delete all the output files in the output directory
-   unlink <$output_path\\*.*>;
-
-   # open the main log file
-   open(OUT, ">$log_file") || die "unable to open $log_file\n";
-
-   print( OUT "========================================================\n");
-   my $outFile = "$output_path\\version.out";
-   system("openssl2 version (CLIB_OPT)/>$outFile");
-   log_output("CHECKING FOR OPENSSL VERSION:", $outFile);
-
-   algorithm_tests();
-   encryption_tests();
-   evp_tests();
-   pem_tests();
-   verify_tests();
-   ca_tests();
-   ssl_tests();
-
-   close(OUT);
-
-   print("\nCompleted running tests.\n\n");
-   print("Check log file for errors: $log_file\n");
-}
-
-############################################################################
-sub algorithm_tests
-{
-   my $i;
-   my $outFile;
-   my @tests = ( rsa_test, destest, ideatest, bftest, bntest, shatest, sha1test,
-                 sha256t, sha512t, dsatest, md2test, md4test, md5test, mdc2test,
-                 rc2test, rc4test, rc5test, randtest, rmdtest, dhtest, ecdhtest,
-                 ecdsatest, ectest, exptest, casttest, hmactest );
-
-   print( "\nRUNNING CRYPTO ALGORITHM TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "CRYPTO ALGORITHM TESTS:\n\n");
-
-   foreach $i (@tests)
-   {
-      if (-e "$base_path\\$i.nlm")
-      {
-         $outFile = "$output_path\\$i.out";
-         system("$i (CLIB_OPT)/>$outFile");
-         log_desc("Test: $i\.nlm:");
-         log_output("", $outFile );
-      }
-      else
-      {
-         log_desc("Test: $i\.nlm: file not found");
-      }
-   }
-}
-
-############################################################################
-sub encryption_tests
-{
-   my $i;
-   my $outFile;
-   my @enc_tests = ( "enc", "rc4", "des-cfb", "des-ede-cfb", "des-ede3-cfb",
-                     "des-ofb", "des-ede-ofb", "des-ede3-ofb",
-                     "des-ecb", "des-ede", "des-ede3", "des-cbc",
-                     "des-ede-cbc", "des-ede3-cbc", "idea-ecb", "idea-cfb",
-                     "idea-ofb", "idea-cbc", "rc2-ecb", "rc2-cfb",
-                     "rc2-ofb", "rc2-cbc", "bf-ecb", "bf-cfb",
-                     "bf-ofb", "bf-cbc" );
-
-   my $input = "$base_path\\do_tests.pl";
-   my $cipher = "$output_path\\cipher.out";
-   my $clear = "$output_path\\clear.out";
-
-   print( "\nRUNNING ENCRYPTION & DECRYPTION TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "FILE ENCRYPTION & DECRYPTION TESTS:\n\n");
-
-   foreach $i (@enc_tests)
-   {
-      log_desc("Testing: $i");
-
-      # do encryption
-      $outFile = "$output_path\\enc.out";
-      system("openssl2 $i -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile" );
-      log_output("Encrypting: $input --> $cipher", $outFile);
-
-      # do decryption
-      $outFile = "$output_path\\dec.out";
-      system("openssl2 $i -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
-      log_output("Decrypting: $cipher --> $clear", $outFile);
-
-      # compare files
-      $x = compare_files( $input, $clear, 1);
-      if ( $x == 0 )
-      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
-         print( OUT "SUCCESS - files match: $input, $clear\n");
-      }
-      else
-      {
-         print( "\rERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-
-      do_wait();
-
-      # Now do the same encryption but use Base64
-
-      # do encryption B64
-      $outFile = "$output_path\\B64enc.out";
-      system("openssl2 $i -a -e -bufsize 113 -k test -in $input -out $cipher (CLIB_OPT)/>$outFile");
-      log_output("Encrypting(B64): $cipher --> $clear", $outFile);
-
-      # do decryption B64
-      $outFile = "$output_path\\B64dec.out";
-      system("openssl2 $i -a -d -bufsize 157 -k test -in $cipher -out $clear (CLIB_OPT)/>$outFile");
-      log_output("Decrypting(B64): $cipher --> $clear", $outFile);
-
-      # compare files
-      $x = compare_files( $input, $clear, 1);
-      if ( $x == 0 )
-      {
-         print( "\rSUCCESS - files match: $input, $clear\n");
-         print( OUT "SUCCESS - files match: $input, $clear\n");
-      }
-      else
-      {
-         print( "\rERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-
-      do_wait();
-
-   } # end foreach
-
-   # delete the temporary files
-   unlink($cipher);
-   unlink($clear);
-}
-
-
-############################################################################
-sub pem_tests
-{
-   my $i;
-   my $tmp_out;
-   my $outFile = "$output_path\\pem.out";
-
-   my %pem_tests = (
-         "crl"      => "testcrl.pem",
-          "pkcs7"   => "testp7.pem",
-          "req"     => "testreq2.pem",
-          "rsa"     => "testrsa.pem",
-          "x509"    => "testx509.pem",
-          "x509"    => "v3-cert1.pem",
-          "sess_id" => "testsid.pem"  );
-
-
-   print( "\nRUNNING PEM TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "PEM TESTS:\n\n");
-
-   foreach $i (keys(%pem_tests))
-   {
-      log_desc( "Testing: $i");
-
-      my $input = "$test_path\\$pem_tests{$i}";
-
-      $tmp_out = "$output_path\\$pem_tests{$i}";
-
-      if ($i ne "req" )
-      {
-         system("openssl2 $i -in $input -out $tmp_out (CLIB_OPT)/>$outFile");
-         log_output( "openssl2 $i -in $input -out $tmp_out", $outFile);
-      }
-      else
-      {
-         system("openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config (CLIB_OPT)/>$outFile");
-         log_output( "openssl2 $i -in $input -out $tmp_out -config $OpenSSL_config", $outFile );
-      }
-
-      $x = compare_files( $input, $tmp_out);
-      if ( $x == 0 )
-      {
-         print( "\rSUCCESS - files match: $input, $tmp_out\n");
-         print( OUT "SUCCESS - files match: $input, $tmp_out\n");
-      }
-      else
-      {
-         print( "\rERROR: files don't match\n");
-         print( OUT "ERROR: files don't match\n");
-      }
-      do_wait();
-
-   } # end foreach
-}
-
-
-############################################################################
-sub verify_tests
-{
-   my $i;
-   my $outFile = "$output_path\\verify.out";
-
-   $cert_path =~ s/\\/\//g;
-   my @cert_files = <$cert_path/*.pem>;
-
-   print( "\nRUNNING VERIFY TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "VERIFY TESTS:\n\n");
-
-   make_tmp_cert_file();
-
-   foreach $i (@cert_files)
-   {
-      system("openssl2 verify -CAfile $tmp_cert $i (CLIB_OPT)/>$outFile");
-      log_desc("Verifying cert: $i");
-      log_output("openssl2 verify -CAfile $tmp_cert $i", $outFile);
-   }
-}
-
-
-############################################################################
-sub ssl_tests
-{
-   my $outFile = "$output_path\\ssl_tst.out";
-   my($CAcert) = "$output_path\\certCA.ss";
-   my($Ukey)   = "$output_path\\keyU.ss";
-   my($Ucert)  = "$output_path\\certU.ss";
-   my($ssltest)= "ssltest -key $Ukey -cert $Ucert -c_key $Ukey -c_cert $Ucert -CAfile $CAcert";
-
-   print( "\nRUNNING SSL TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "SSL TESTS:\n\n");
-
-   system("ssltest -ssl2 (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2:");
-   log_output("ssltest -ssl2", $outFile);
-
-   system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2 with server authentication:");
-   log_output("$ssltest -ssl2 -server_auth", $outFile);
-
-   system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2 with client authentication:");
-   log_output("$ssltest -ssl2 -client_auth", $outFile);
-
-   system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2 with both client and server authentication:");
-   log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile);
-
-   system("ssltest -ssl3 (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3:");
-   log_output("ssltest -ssl3", $outFile);
-
-   system("$ssltest -ssl3 -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with server authentication:");
-   log_output("$ssltest -ssl3 -server_auth", $outFile);
-
-   system("$ssltest -ssl3 -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with client authentication:");
-   log_output("$ssltest -ssl3 -client_auth", $outFile);
-
-   system("$ssltest -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with both client and server authentication:");
-   log_output("$ssltest -ssl3 -server_auth -client_auth", $outFile);
-
-   system("ssltest (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3:");
-   log_output("ssltest", $outFile);
-
-   system("$ssltest -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with server authentication:");
-   log_output("$ssltest -server_auth", $outFile);
-
-   system("$ssltest -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with client authentication:");
-   log_output("$ssltest -client_auth ", $outFile);
-
-   system("$ssltest -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with both client and server authentication:");
-   log_output("$ssltest -server_auth -client_auth", $outFile);
-
-   system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2 via BIO pair:");
-   log_output("ssltest -bio_pair -ssl2", $outFile);
-
-   system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:");
-   log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile);
-
-   system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile);
-
-   system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2 with client authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile);
-
-   system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile);
-
-   system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 via BIO pair:");
-   log_output("ssltest -bio_pair -ssl3", $outFile);
-
-   system("$ssltest -bio_pair -ssl3 -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth", $outFile);
-
-   system("$ssltest -bio_pair -ssl3 -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with client authentication  via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -client_auth", $outFile);
-
-   system("$ssltest -bio_pair -ssl3 -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -ssl3 -server_auth -client_auth", $outFile);
-
-   system("ssltest -bio_pair (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 via BIO pair:");
-   log_output("ssltest -bio_pair", $outFile);
-
-   system("$ssltest -bio_pair -server_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth", $outFile);
-
-   system("$ssltest -bio_pair -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with client authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -client_auth", $outFile);
-
-   system("$ssltest -bio_pair -server_auth -client_auth (CLIB_OPT)/>$outFile");
-   log_desc("Testing sslv2/sslv3 with both client and server authentication via BIO pair:");
-   log_output("$ssltest -bio_pair -server_auth -client_auth", $outFile);
-}
-
-
-############################################################################
-sub ca_tests
-{
-   my $outFile = "$output_path\\ca_tst.out";
-
-   my($CAkey)     = "$output_path\\keyCA.ss";
-   my($CAcert)    = "$output_path\\certCA.ss";
-   my($CAserial)  = "$output_path\\certCA.srl";
-   my($CAreq)     = "$output_path\\reqCA.ss";
-   my($CAreq2)    = "$output_path\\req2CA.ss";
-
-   my($CAconf)    = "$test_path\\CAss.cnf";
-
-   my($Uconf)     = "$test_path\\Uss.cnf";
-
-   my($Ukey)      = "$output_path\\keyU.ss";
-   my($Ureq)      = "$output_path\\reqU.ss";
-   my($Ucert)     = "$output_path\\certU.ss";
-
-   print( "\nRUNNING CA TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "CA TESTS:\n");
-
-   system("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new (CLIB_OPT)/>$outFile");
-   log_desc("Make a certificate request using req:");
-   log_output("openssl2 req -config $CAconf -out $CAreq -keyout $CAkey -new", $outFile);
-
-   system("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey (CLIB_OPT)/>$outFile");
-   log_desc("Convert the certificate request into a self signed certificate using x509:");
-   log_output("openssl2 x509 -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey", $outFile);
-
-   system("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 (CLIB_OPT)/>$outFile");
-   log_desc("Convert a certificate into a certificate request using 'x509':");
-   log_output("openssl2 x509 -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2", $outFile);
-
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout (CLIB_OPT)/>$outFile");
-   log_output("openssl2 req -config $OpenSSL_config -verify -in $CAreq -noout", $outFile);
-
-   system("openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout (CLIB_OPT)/>$outFile");
-   log_output( "openssl2 req -config $OpenSSL_config -verify -in $CAreq2 -noout", $outFile);
-
-   system("openssl2 verify -CAfile $CAcert $CAcert (CLIB_OPT)/>$outFile");
-   log_output("openssl2 verify -CAfile $CAcert $CAcert", $outFile);
-
-   system("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new (CLIB_OPT)/>$outFile");
-   log_desc("Make another certificate request using req:");
-   log_output("openssl2 req -config $Uconf -out $Ureq -keyout $Ukey -new", $outFile);
-
-   system("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial (CLIB_OPT)/>$outFile");
-   log_desc("Sign certificate request with the just created CA via x509:");
-   log_output("openssl2 x509 -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial", $outFile);
-
-   system("openssl2 verify -CAfile $CAcert $Ucert (CLIB_OPT)/>$outFile");
-   log_output("openssl2 verify -CAfile $CAcert $Ucert", $outFile);
-
-   system("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert (CLIB_OPT)/>$outFile");
-   log_desc("Certificate details");
-   log_output("openssl2 x509 -subject -issuer -startdate -enddate -noout -in $Ucert", $outFile);
-
-   print(OUT "--\n");
-   print(OUT "The generated CA certificate is $CAcert\n");
-   print(OUT "The generated CA private key is $CAkey\n");
-   print(OUT "The current CA signing serial number is in $CAserial\n");
-
-   print(OUT "The generated user certificate is $Ucert\n");
-   print(OUT "The generated user private key is $Ukey\n");
-   print(OUT "--\n");
-}
-
-############################################################################
-sub evp_tests
-{
-   my $i = 'evp_test';
-
-   print( "\nRUNNING EVP TESTS:\n\n");
-
-   print( OUT "\n========================================================\n");
-   print( OUT "EVP TESTS:\n\n");
-
-   if (-e "$base_path\\$i.nlm")
-   {
-       my $outFile = "$output_path\\$i.out";
-       system("$i $test_path\\evptests.txt (CLIB_OPT)/>$outFile");
-       log_desc("Test: $i\.nlm:");
-       log_output("", $outFile );
-   }
-   else
-   {
-       log_desc("Test: $i\.nlm: file not found");
-   }
-}
-
-############################################################################
-sub log_output( $ $ )
-{
-   my( $desc, $file ) = @_;
-   my($error) = 0;
-   my($key);
-   my($msg);
-
-   if ($desc)
-   {
-      print("\r$desc\n");
-      print(OUT "$desc\n");
-   }
-
-      # loop waiting for test program to complete
-   while ( stat($file) == 0)
-      { print(". "); sleep(1); }
-
-
-      # copy test output to log file
-   open(IN, "<$file");
-   while (<IN>)
-   {
-      print(OUT $_);
-      if ( $_ =~ /ERROR/ )
-      {
-         $error = 1;
-      }
-   }
-      # close and delete the temporary test output file
-   close(IN);
-   unlink($file);
-
-   if ( $error == 0 )
-   {
-      $msg = "Test Succeeded";
-   }
-   else
-   {
-      $msg = "Test Failed";
-   }
-
-   print(OUT "$msg\n");
-
-   if ($pause)
-   {
-      print("$msg - press ENTER to continue...");
-      $key = getc;
-      print("\n");
-   }
-
-      # Several of the testing scripts run a loop loading the
-      # same NLM with different options.
-      # On slow NetWare machines there appears to be some delay in the
-      # OS actually unloading the test nlms and the OS complains about.
-      # the NLM already being loaded.  This additional pause is to
-      # to help provide a little more time for unloading before trying to
-      # load again.
-   sleep(1);
-}
-
-
-############################################################################
-sub log_desc( $ )
-{
-   my( $desc ) = @_;
-
-   print("\n");
-   print("$desc\n");
-
-   print(OUT "\n");
-   print(OUT "$desc\n");
-   print(OUT "======================================\n");
-}
-
-############################################################################
-sub compare_files( $ $ $ )
-{
-   my( $file1, $file2, $binary ) = @_;
-   my( $n1, $n2, $b1, $b2 );
-   my($ret) = 1;
-
-   open(IN0, $file1) || die "\nunable to open $file1\n";
-   open(IN1, $file2) || die "\nunable to open $file2\n";
-
-  if ($binary)
-  {
-      binmode IN0;
-      binmode IN1;
-  }
-
-   for (;;)
-   {
-      $n1 = read(IN0, $b1, 512);
-      $n2 = read(IN1, $b2, 512);
-
-      if ($n1 != $n2) {last;}
-      if ($b1 != $b2) {last;}
-
-      if ($n1 == 0)
-      {
-         $ret = 0;
-         last;
-      }
-   }
-   close(IN0);
-   close(IN1);
-   return($ret);
-}
-
-############################################################################
-sub do_wait()
-{
-   my($key);
-
-   if ($pause)
-   {
-      print("Press ENTER to continue...");
-      $key = getc;
-      print("\n");
-   }
-}
-
-
-############################################################################
-sub make_tmp_cert_file()
-{
-   my @cert_files = <$cert_path/*.pem>;
-
-      # delete the file if it already exists
-   unlink($tmp_cert);
-
-   open( TMP_CERT, ">$tmp_cert") || die "\nunable to open $tmp_cert\n";
-
-   print("building temporary cert file\n");
-
-   # create a temporary cert file that contains all the certs
-   foreach $i (@cert_files)
-   {
-      open( IN_CERT, $i ) || die "\nunable to open $i\n";
-
-      for(;;)
-      {
-         $n = sysread(IN_CERT, $data, 1024);
-
-         if ($n == 0)
-         {
-            close(IN_CERT);
-            last;
-         };
-
-         syswrite(TMP_CERT, $data, $n);
-      }
-   }
-
-   close( TMP_CERT );
-}
diff --git a/src/lib/libssl/src/Netware/globals.txt b/src/lib/libssl/src/Netware/globals.txt
deleted file mode 100644
index fe05d390cf..0000000000
--- a/src/lib/libssl/src/Netware/globals.txt
+++ /dev/null
@@ -1,254 +0,0 @@
-An initial review of the OpenSSL code was done to determine how many 
-global variables where present.  The idea was to determine the amount of 
-work required to pull the globals into an instance data structure in 
-order to build a Library NLM for NetWare.  This file contains the results 
-of the review.  Each file is listed along with the globals in the file.  
-The initial review was done very quickly so this list is probably
-not a comprehensive list.
-
-
-cryptlib.c
-===========================================
-
-static STACK *app_locks=NULL;
-
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
-
-static void (MS_FAR *locking_callback)(int mode,int type,
-   const char *file,int line)=NULL;
-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-   int type,const char *file,int line)=NULL;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
-   (const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
-   struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
-   const char *file,int line)=NULL;
-
-
-mem.c
-===========================================
-static int allow_customize = 1;      /* we provide flexible functions for */
-static int allow_customize_debug = 1;/* exchanging memory-related functions at
-
-/* may be changed as long as `allow_customize' is set */
-static void *(*malloc_locked_func)(size_t)  = malloc;
-static void (*free_locked_func)(void *)     = free;
-static void *(*malloc_func)(size_t)         = malloc;
-static void *(*realloc_func)(void *, size_t)= realloc;
-static void (*free_func)(void *)            = free;
-
-/* use default functions from mem_dbg.c */
-static void (*malloc_debug_func)(void *,int,const char *,int,int)
-   = CRYPTO_dbg_malloc;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
-   = CRYPTO_dbg_realloc;
-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-
-
-mem_dbg.c
-===========================================
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */
-
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's */
-static long options =             /* extra information to be recorded */
-static unsigned long disabling_thread = 0;
-
-
-err.c
-===========================================
-static LHASH *error_hash=NULL;
-static LHASH *thread_hash=NULL;
-
-several files have routines with static "init" to track if error strings
-   have been loaded ( may not want seperate error strings for each process )
-   The "init" variable can't be left "global" because the error has is a ptr
-   that is malloc'ed.  The malloc'ed error has is dependant on the "init"
-   vars.
-
-   files:
-      pem_err.c
-      cpt_err.c
-      pk12err.c
-      asn1_err.c
-      bio_err.c
-      bn_err.c
-      buf_err.c
-      comp_err.c
-      conf_err.c
-      cpt_err.c
-      dh_err.c
-      dsa_err.c
-      dso_err.c
-      evp_err.c
-      obj_err.c
-      pkcs7err.c
-      rand_err.c
-      rsa_err.c
-      rsar_err.c
-      ssl_err.c
-      x509_err.c
-      v3err.c
-                err.c
-
-These file have similar "init" globals but they are for other stuff not
-error strings:
-
-                bn_lib.c
-                ecc_enc.c
-                s23_clnt.c
-                s23_meth.c
-                s23_srvr.c
-                s2_clnt.c
-                s2_lib.c
-                s2_meth.c
-                s2_srvr.c
-                s3_clnt.c
-                s3_lib.c
-                s3_srvr.c
-                t1_clnt.c
-                t1_meth.c
-                t1_srvr.c
-
-rand_lib.c
-===========================================
-static RAND_METHOD *rand_meth= &rand_ssleay_meth;
-
-md_rand.c
-===========================================
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
-
-/* This should be set to 1 only when ssleay_rand_add() is called inside
-   an already locked state, so it doesn't try to lock and thereby cause
-   a hang.  And it should always be reset back to 0 before unlocking. */
-static int add_do_not_lock=0;
-
-obj_dat.c
-============================================
-static int new_nid=NUM_NID;
-static LHASH *added=NULL;
-
-b_sock.c
-===========================================
-static unsigned long BIO_ghbn_hits=0L;
-static unsigned long BIO_ghbn_miss=0L;
-static struct ghbn_cache_st
-   {
-   char name[129];
-   struct hostent *ent;
-   unsigned long order;
-   } ghbn_cache[GHBN_NUM];
-
-static int wsa_init_done=0;
-
-
-bio_lib.c
-===========================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *bio_meth=NULL;
-static int bio_meth_num=0;
-
-
-bn_lib.c
-========================================
-static int bn_limit_bits=0;
-static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
-
-conf_lib.c
-========================================
-static CONF_METHOD *default_CONF_method=NULL;
-
-dh_lib.c
-========================================
-static DH_METHOD *default_DH_method;
-static int dh_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
-
-dsa_lib.c
-========================================
-static DSA_METHOD *default_DSA_method;
-static int dsa_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
-
-dso_lib.c
-========================================
-static DSO_METHOD *default_DSO_meth = NULL;
-
-rsa_lib.c
-========================================
-static RSA_METHOD *default_RSA_meth=NULL;
-static int rsa_meth_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
-
-x509_trs.c
-=======================================
-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-x509_req.c
-=======================================
-static int *ext_nids = ext_nid_list;
-
-o_names.c
-======================================
-static LHASH *names_lh=NULL;
-static STACK_OF(NAME_FUNCS) *name_funcs_stack;
-static int free_type;
-static int names_type_num=OBJ_NAME_TYPE_NUM;
-
-
-th-lock.c - NEED to add support for locking for NetWare
-==============================================
-static long *lock_count;
-(other platform specific globals)
-
-x_x509.c
-==============================================
-static int x509_meth_num = 0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_meth = NULL;
-
-
-evp_pbe.c
-============================================
-static STACK *pbe_algs;
-
-evp_key.c
-============================================
-static char prompt_string[80];
-
-ssl_ciph.c
-============================================
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-ssl_lib.c
-=============================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_meth=NULL;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
-ssl_sess.c
-=============================================
-static int ssl_session_num=0;
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *ssl_session_meth=NULL;
-
-x509_vfy.c
-============================================
-static STACK_OF(CRYPTO_EX_DATA_FUNCS) *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-
diff --git a/src/lib/libssl/src/Netware/readme.txt b/src/lib/libssl/src/Netware/readme.txt
deleted file mode 100644
index a5b5faae33..0000000000
--- a/src/lib/libssl/src/Netware/readme.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-
-Contents of the openssl\netware directory
-==========================================
-
-Regular files:
-
-readme.txt     - this file
-do_tests.pl    - perl script used to run the OpenSSL tests on NetWare
-cpy_tests.bat  - batch to to copy test stuff to NetWare server
-build.bat      - batch file to help with builds
-set_env.bat    - batch file to help setup build environments
-globals.txt    - results of initial code review to identify OpenSSL global variables
-
-
-The following files are generated by the various scripts.  They are
-recreated each time and it is okay to delete them.
-
-*.def - command files used by Metrowerks linker
-*.mak - make files generated by mk1mf.pl
diff --git a/src/lib/libssl/src/Netware/set_env.bat b/src/lib/libssl/src/Netware/set_env.bat
deleted file mode 100644
index ace024e529..0000000000
--- a/src/lib/libssl/src/Netware/set_env.bat
+++ /dev/null
@@ -1,112 +0,0 @@
-@echo off
-
-rem ========================================================================
-rem   Batch file to assist in setting up the necessary enviroment for
-rem   building OpenSSL for NetWare.
-rem
-rem   usage:
-rem      set_env [target]
-rem
-rem      target      - "netware-clib" - Clib build
-rem                  - "netware-libc" - LibC build
-rem
-rem
-
-if "a%1" == "a" goto usage
-               
-set LIBC_BUILD=
-set CLIB_BUILD=
-set GNUC=
-
-if "%1" == "netware-clib" set CLIB_BUILD=Y
-if "%1" == "netware-clib" set LIBC_BUILD=
-
-if "%1" == "netware-libc" set LIBC_BUILD=Y
-if "%1" == "netware-libc" set CLIB_BUILD=
-
-if "%2" == "gnuc" set GNUC=Y
-if "%2" == "codewarrior" set GNUC=
-
-rem   Location of tools (compiler, linker, etc)
-if "%NDKBASE%" == "" set NDKBASE=c:\Novell
-
-rem   If Perl for Win32 is not already in your path, add it here
-set PERL_PATH=
-
-rem   Define path to the Metrowerks command line tools
-rem   or GNU Crosscompiler gcc / nlmconv
-rem   ( compiler, assembler, linker)
-if "%GNUC%" == "Y" set COMPILER_PATH=c:\usr\i586-netware\bin;c:\usr\bin
-if "%GNUC%" == "" set COMPILER_PATH=c:\prg\cwcmdl40
-
-rem   If using gnu make define path to utility
-rem set GNU_MAKE_PATH=%NDKBASE%\gnu
-set GNU_MAKE_PATH=c:\prg\tools
-
-rem   If using ms nmake define path to nmake
-rem set MS_NMAKE_PATH=%NDKBASE%\msvc\600\bin
-
-rem   If using NASM assembler define path
-rem set NASM_PATH=%NDKBASE%\nasm
-set NASM_PATH=c:\prg\tools
-
-rem   Update path to include tool paths
-set path=%path%;%COMPILER_PATH%
-if not "%GNU_MAKE_PATH%" == "" set path=%path%;%GNU_MAKE_PATH%
-if not "%MS_NMAKE_PATH%" == "" set path=%path%;%MS_NMAKE_PATH%
-if not "%NASM_PATH%"     == "" set path=%path%;%NASM_PATH%
-if not "%PERL_PATH%"     == "" set path=%path%;%PERL_PATH%
-
-rem   Set INCLUDES to location of Novell NDK includes
-if "%LIBC_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\libc\include;%NDKBASE%\ndk\libc\include\winsock
-if "%CLIB_BUILD%" == "Y" set INCLUDE=%NDKBASE%\ndk\nwsdk\include\nlm;%NDKBASE%\ws295sdk\include
-
-rem   Set Imports to location of Novell NDK import files
-if "%LIBC_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\libc\imports
-if "%CLIB_BUILD%" == "Y" set IMPORTS=%NDKBASE%\ndk\nwsdk\imports
-
-rem   Set PRELUDE to the absolute path of the prelude object to link with in
-rem   the Metrowerks NetWare PDK - NOTE: for Clib builds "clibpre.o" is 
-rem   recommended, for LibC NKS builds libcpre.o must be used
-if "%GNUC%" == "Y" goto gnuc
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.o
-rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.o
-echo using MetroWerks CodeWarrior 
-goto info
-
-:gnuc
-if "%LIBC_BUILD%" == "Y" set PRELUDE=%IMPORTS%\libcpre.gcc.o
-rem if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\clibpre.gcc.o
-if "%CLIB_BUILD%" == "Y" set PRELUDE=%IMPORTS%\prelude.gcc.o
-echo using GNU GCC Compiler 
-
-:info
-echo.
-
-if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
-if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." 
-
-if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
-if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." 
-
-goto end
-
-:usage
-rem ===============================================================
-echo.
-echo No target build specified!
-echo.
-echo usage: set_env [target] [compiler]
-echo.
-echo target      - "netware-clib" - Clib build
-echo             - "netware-libc" - LibC build
-echo.
-echo compiler    - "gnuc"         - GNU GCC Compiler
-echo             - "codewarrior"  - MetroWerks CodeWarrior (default)
-echo.
-
-:end
-echo.
-
-
diff --git a/src/lib/libssl/src/PROBLEMS b/src/lib/libssl/src/PROBLEMS
index d247470f06..3eaab01f2c 100644
--- a/src/lib/libssl/src/PROBLEMS
+++ b/src/lib/libssl/src/PROBLEMS
@@ -197,3 +197,17 @@ reconfigure with additional no-sse2 [or 386] option passed to ./config.
 We don't have framework to associate -ldl with no-dso, therefore the only
 way is to edit Makefile right after ./config no-dso and remove -ldl from
 EX_LIBS line.
+
+* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
+
+Compiler bug, presumably at particular patch level. Remaining
+hpux*-parisc*-cc configurations can be affected too. Drop optimization
+level to +O2 when compiling bn_nist.o.
+
+* solaris64-sparcv9-cc link failure
+
+Solaris 8 ar can fail to maintain symbol table in .a, which results in
+link failures. Apply 109147-09 or later or modify Makefile generated
+by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
+
+        RANLIB= /usr/ccs/bin/ar rs
diff --git a/src/lib/libssl/src/README b/src/lib/libssl/src/README
index de51583a6f..10b74d19d2 100644
--- a/src/lib/libssl/src/README
+++ b/src/lib/libssl/src/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.1c 10 May 2012
+ OpenSSL 1.0.1g 7 Apr 2014
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -190,7 +190,7 @@
  reason as to why that feature isn't implemented.
 
  Patches should be as up to date as possible, preferably relative to the
- current CVS or the last snapshot. They should follow the coding style of
+ current Git or the last snapshot. They should follow the coding style of
  OpenSSL and compile without warnings. Some of the core team developer targets
  can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
  compiles on many varied platforms: try to ensure you only use portable
diff --git a/src/lib/libssl/src/VMS/TODO b/src/lib/libssl/src/VMS/TODO
deleted file mode 100644
index 359e069191..0000000000
--- a/src/lib/libssl/src/VMS/TODO
+++ /dev/null
@@ -1,18 +0,0 @@
-TODO:
-=====
-
-There are a few things that need to be worked out in the VMS version of
-OpenSSL, still:
-
-- Description files. ("Makefile's" :-))
-- Script code to link an already compiled build tree.
-- A VMSINSTALlable version (way in the future, unless someone else hacks).
-- shareable images (DLL for you Windows folks).
-
-There may be other things that I have missed and that may be desirable.
-Please send mail to <openssl-users@openssl.org> or to me directly if you
-have any ideas.
-
---
-Richard Levitte <richard@levitte.org>
-1999-05-24
diff --git a/src/lib/libssl/src/VMS/VMSify-conf.pl b/src/lib/libssl/src/VMS/VMSify-conf.pl
deleted file mode 100644
index d3be6a29e7..0000000000
--- a/src/lib/libssl/src/VMS/VMSify-conf.pl
+++ /dev/null
@@ -1,34 +0,0 @@
-#! /usr/bin/perl
-
-use strict;
-use warnings;
-
-my @directory_vars = ( "dir", "certs", "crl_dir", "new_certs_dir" );
-my @file_vars = ( "database", "certificate", "serial", "crlnumber",
-                  "crl", "private_key", "RANDFILE" );
-while(<STDIN>) {
-    chomp;
-    foreach my $d (@directory_vars) {
-        if (/^(\s*\#?\s*${d}\s*=\s*)\.\/([^\s\#]*)([\s\#].*)$/) {
-            $_ = "$1sys\\\$disk:\[.$2$3";
-        } elsif (/^(\s*\#?\s*${d}\s*=\s*)(\w[^\s\#]*)([\s\#].*)$/) {
-            $_ = "$1sys\\\$disk:\[.$2$3";
-        }
-        s/^(\s*\#?\s*${d}\s*=\s*\$\w+)\/([^\s\#]*)([\s\#].*)$/$1.$2\]$3/;
-        while(/^(\s*\#?\s*${d}\s*=\s*(\$\w+\.|sys\\\$disk:\[\.)[\w\.]+)\/([^\]]*)\](.*)$/) {
-            $_ = "$1.$3]$4";
-        }
-    }
-    foreach my $f (@file_vars) {
-        s/^(\s*\#?\s*${f}\s*=\s*)\.\/(.*)$/$1sys\\\$disk:\[\/$2/;
-        while(/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+\/[^\s\#]*)([\s\#].*)$/) {
-            $_ = "$1.$3$4";
-        }
-        if (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/(\w+)([\s\#].*)$/) {
-            $_ = "$1]$3.$4";
-        } elsif  (/^(\s*\#?\s*${f}\s*=\s*(\$\w+|sys\\\$disk:\[)[^\/]*)\/([^\s\#]*)([\s\#].*)$/) {
-            $_ = "$1]$3$4";
-        }
-   }
-    print $_,"\n";
-}
diff --git a/src/lib/libssl/src/VMS/WISHLIST.TXT b/src/lib/libssl/src/VMS/WISHLIST.TXT
deleted file mode 100644
index c151fc8ea7..0000000000
--- a/src/lib/libssl/src/VMS/WISHLIST.TXT
+++ /dev/null
@@ -1,4 +0,0 @@
-* Have the building procedure contain a LINK-only possibility.
-  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
-
-  One way to enable that is also to go over to DESCRIP.MMS files.
diff --git a/src/lib/libssl/src/VMS/install-vms.com b/src/lib/libssl/src/VMS/install-vms.com
deleted file mode 100755
index 7da8b2153b..0000000000
--- a/src/lib/libssl/src/VMS/install-vms.com
+++ /dev/null
@@ -1,67 +0,0 @@
-$! install-vms.com -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 23-MAY-1998 19:22
-$!
-$! P1   root of the directory tree
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if p1 .eqs. ""
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "Should be the directory where you want things installed."
-$   exit
-$ endif
-$
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$
-$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0"
-$ root_dev = f$parse( root, , , "device", "syntax_only")
-$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$
-$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed
-$ define /nolog wrk_sslinclude wrk_sslroot:[include]
-$
-$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse( "wrk_sslinclude:") .eqs. "" then -
-   create /directory /log wrk_sslinclude:
-$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[vms]
-$!
-$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms]
-$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms]
-$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms]
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslinclude
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libssl/src/VMS/install.com b/src/lib/libssl/src/VMS/install.com
deleted file mode 100644
index 9c9c0e1e27..0000000000
--- a/src/lib/libssl/src/VMS/install.com
+++ /dev/null
@@ -1,79 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 23-MAY-1998 19:22
-$!
-$! P1   root of the directory tree
-$!
-$       IF P1 .EQS. ""
-$       THEN
-$           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT "Should be the directory where you want things installed."
-$           EXIT
-$       ENDIF
-$
-$       IF (F$GETSYI("CPU").LT.128)
-$       THEN
-$           ARCH := VAX
-$       ELSE
-$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$       ENDIF
-$
-$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLINCLUDE:
-$       IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$
-$       IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
-           DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
-$
-$       OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$       WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
-$       WRITE SF "$! Startup file for Openssl"
-$       WRITE SF "$!"
-$       WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
-$       WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$       WRITE SF "$!"
-$       WRITE SF "$! P1 a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
-$       WRITE SF "$!    defined in the system logical name table."
-$       WRITE SF "$!"
-$       WRITE SF "$     IF (F$GETSYI(""CPU"").LT.128)"
-$       WRITE SF "$     THEN"
-$       WRITE SF "$         ARCH := VAX"
-$       WRITE SF "$     ELSE"
-$       WRITE SF "$         ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")"
-$       WRITE SF "$         IF (ARCH .EQS. """") THEN ARCH = ""UNK"""
-$       WRITE SF "$     ENDIF"
-$       WRITE SF "$     DEFINE/NOLOG'P1 SSLROOT         ",ROOT,".] /TRANS=CONC"
-$       WRITE SF "$     DEFINE/NOLOG'P1 SSLLIB          SSLROOT:['ARCH'_LIB]"
-$       WRITE SF "$     DEFINE/NOLOG'P1 SSLINCLUDE      SSLROOT:[INCLUDE]"
-$       WRITE SF "$     DEFINE/NOLOG'P1 SSLEXE          SSLROOT:['ARCH'_EXE]"
-$       WRITE SF "$     DEFINE/NOLOG'P1 SSLCERTS        SSLROOT:[CERTS]"
-$       WRITE SF "$     DEFINE/NOLOG'P1 SSLPRIVATE      SSLROOT:[PRIVATE]"
-$       WRITE SF "$"
-$       WRITE SF "$!    This is program can include <openssl/{foo}.h>"
-$       WRITE SF "$     DEFINE/NOLOG'P1 OPENSSL         SSLINCLUDE:"
-$       WRITE SF "$"
-$       WRITE SF "$     IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
-$       WRITE SF "         @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$       WRITE SF "$"
-$       WRITE SF "$     EXIT"
-$       CLOSE SF
-$       SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$
-$       COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
-$       SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM
-$
-$       EXIT
diff --git a/src/lib/libssl/src/VMS/mkshared.com b/src/lib/libssl/src/VMS/mkshared.com
deleted file mode 100644
index b0d1fdaac3..0000000000
--- a/src/lib/libssl/src/VMS/mkshared.com
+++ /dev/null
@@ -1,476 +0,0 @@
-$! MKSHARED.COM -- Create shareable images.
-$!
-$! P1: "64" for 64-bit pointers.
-$!
-$! P2: Zlib object library path (optional).
-$!
-$! Input:       [.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO[32].OLB
-$!              [.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]SSL_LIBSSL[32].OLB
-$!              [.CRYPTO.xxx]OPENSSLCONF.H
-$! Output:      [.xxx.EXE.CRYPTO]SSL_LIBCRYPTO_SHR[32].OPT,.MAP,.EXE
-$!              [.xxx.EXE.SSL]SSL_LIBSSL_SRH[32].OPT,.MAP,.EXE
-$!
-$! So far, tests have only been made on VMS for Alpha.  VAX will come in time.
-$! ===========================================================================
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$! Save the original default device:[directory].
-$!
-$ def_orig = f$environment( "default")
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$! SET DEFAULT to the main kit directory.
-$!
-$ proc = f$environment("procedure")
-$ proc = f$parse( "A.;", proc)- "A.;"
-$ set default 'proc'
-$ set default [-]
-$!
-$! ----- Prepare info for processing: version number and file info
-$ gosub read_version_info
-$ if libver .eqs. ""
-$ then
-$   write sys$error "ERROR: Couldn't find any library version info..."
-$   go to tidy:
-$ endif
-$
-$ if (f$getsyi("cpu") .lt. 128)
-$ then
-$   arch_vax = 1
-$   arch = "VAX"
-$ else
-$   arch_vax = 0
-$   arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$ lib32 = "32"
-$ shr = "SHR32"
-$!
-$ if (p1 .nes. "")
-$ then
-$   if (p1 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$     lib32 = ""
-$     shr = "SHR"
-$   else
-$     if (p1 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$! ----- Prepare info for processing: disabled algorithms info
-$ gosub read_disabled_algorithms_info
-$!
-$ ZLIB = p2
-$ zlib_lib = ""
-$ if (ZLIB .nes. "")
-$ then
-$   file2 = f$parse( ZLIB, "libz.olb", , , "syntax_only")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     write sys$output ""
-$     write sys$output "The Option ", ZLIB, " Is Invalid."
-$     write sys$output "    Can't find library: ''file2'"
-$     write sys$output ""
-$     goto tidy
-$   endif
-$   zlib_lib = ", ''file2' /library"
-$ endif
-$!
-$ if (arch_vax)
-$ then
-$   libtit = "CRYPTO_TRANSFER_VECTOR"
-$   libid  = "Crypto"
-$   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.''ARCHD'.EXE.CRYPTO]"
-$   libmar = "''libdir'SSL_LIBCRYPTO_''shr'.MAR"
-$   libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
-$   libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
-$   libobj = "''libdir'SSL_LIBCRYPTO_''shr'.OBJ"
-$   libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
-$   libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
-$   libref = ""
-$   libvec = "LIBCRYPTO"
-$   if f$search( libolb) .nes. "" then gosub create_vax_shr
-$   libtit = "SSL_TRANSFER_VECTOR"
-$   libid  = "SSL"
-$   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.''ARCHD'.EXE.SSL]"
-$   libmar = "''libdir'SSL_LIBSSL_''shr'.MAR"
-$   libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
-$   libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
-$   libobj = "''libdir'SSL_LIBSSL_''shr'.OBJ"
-$   libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
-$   libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
-$   libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
-$   libvec = "LIBSSL"
-$   if f$search( libolb) .nes. "" then gosub create_vax_shr
-$ else
-$   libid  = "Crypto"
-$   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.''ARCHD'.EXE.CRYPTO]"
-$   libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
-$   libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
-$   libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
-$   libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
-$   libref = ""
-$   if f$search( libolb) .nes. "" then gosub create_nonvax_shr
-$   libid  = "SSL"
-$   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.''ARCHD'.EXE.SSL]"
-$   libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
-$   libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
-$   libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
-$   libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
-$   libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
-$   if f$search( libolb) .nes. "" then gosub create_nonvax_shr
-$ endif
-$!
-$ tidy:
-$!
-$! Close any open files.
-$!
-$ if (f$trnlnm( "libnum", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
-   close libnum
-$!
-$ if (f$trnlnm( "mar", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
-   close mar
-$!
-$ if (f$trnlnm( "opt", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
-   close opt
-$!
-$ if (f$trnlnm( "vf", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
-   close vf
-$!
-$! Restore the original default device:[directory].
-$!
-$ set default 'def_orig'
-$ exit
-$
-$! ----- Subroutines to build the shareable libraries
-$! For each supported architecture, there's a main shareable library
-$! creator, which is called from the main code above.
-$! The creator will define a number of variables to tell the next levels of
-$! subroutines what routines to use to write to the option files, call the
-$! main processor, read_func_num, and when that is done, it will write version
-$! data at the end of the .opt file, close it, and link the library.
-$!
-$! read_func_num reads through a .num file and calls the writer routine for
-$! each line.  It's also responsible for checking that order is properly kept
-$! in the .num file, check that each line applies to VMS and the architecture,
-$! and to fill in "holes" with dummy entries.
-$!
-$! The creator routines depend on the following variables:
-$! libnum       The name of the .num file to use as input
-$! libolb       The name of the object library to build from
-$! libid        The identification string of the shareable library
-$! libopt       The name of the .opt file to write
-$! libtit       The title of the assembler transfer vector file (VAX only)
-$! libmar       The name of the assembler transfer vector file (VAX only)
-$! libmap       The name of the map file to write
-$! libgoal      The name of the shareable library to write
-$! libref       The name of a shareable library to link in
-$!
-$! read_func_num depends on the following variables from the creator:
-$! libwriter    The name of the writer routine to call for each .num file line
-$! -----
-$
-$! ----- Subroutines for non-VAX
-$! -----
-$! The creator routine
-$ create_nonvax_shr:
-$   open /write opt 'libopt'
-$   write opt "identification=""",libid," ",libverstr,""""
-$   write opt libolb, " /library"
-$   if libref .nes. "" then write opt libref,"/SHARE"
-$   write opt "SYMBOL_VECTOR=(-"
-$   libfirstentry := true
-$   libwrch   := opt
-$   libwriter := write_nonvax_transfer_entry
-$   textcount = 0
-$   gosub read_func_num
-$   write opt ")"
-$   write opt "GSMATCH=",libvmatch,",",libver
-$   close opt
-$   link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
-     'zlib_lib'
-$   return
-$
-$! The record writer routine
-$ write_nonvax_transfer_entry:
-$   if libentry .eqs. ".dummy" then return
-$   if info_kind .eqs. "VARIABLE"
-$   then
-$     pr:=DATA
-$   else
-$     pr:=PROCEDURE
-$   endif
-$   textcount_this = f$length(pr) + f$length(libentry) + 5
-$   if textcount + textcount_this .gt. 1024
-$   then
-$     write opt ")"
-$     write opt "SYMBOL_VECTOR=(-"
-$     textcount = 16
-$     libfirstentry := true
-$   endif
-$   if libfirstentry
-$   then
-$     write 'libwrch' "    ",libentry,"=",pr," -"
-$   else
-$     write 'libwrch' "    ,",libentry,"=",pr," -"
-$   endif
-$   libfirstentry := false
-$   textcount = textcount + textcount_this
-$   return
-$
-$! ----- Subroutines for VAX
-$! -----
-$! The creator routine
-$ create_vax_shr:
-$   open /write mar 'libmar'
-$   type sys$input:/out=mar:
-;
-; Transfer vector for VAX shareable image
-;
-$   write mar " .TITLE ",libtit
-$   write mar " .IDENT /",libid,"/"
-$   type sys$input:/out=mar:
-;
-; Define macro to assist in building transfer vector entries.  Each entry
-; should take no more than 8 bytes.
-;
-        .MACRO FTRANSFER_ENTRY routine
-        .ALIGN QUAD
-        .TRANSFER routine
-        .MASK   routine
-        JMP     routine+2
-        .ENDM FTRANSFER_ENTRY
-;
-; Place entries in own program section.
-;
-$   write mar " .PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
-$   write mar libvec,"_xfer:"
-$   libwrch   := mar
-$   libwriter := write_vax_ftransfer_entry
-$   gosub read_func_num
-$   type sys$input:/out=mar:
-;
-; Allocate extra storage at end of vector to allow for expansion.
-;
-$   write mar " .BLKB 32768-<.-",libvec,"_xfer> ; 64 pages total."
-$!   libwriter := write_vax_vtransfer_entry
-$!   gosub read_func_num
-$   write mar " .END"
-$   close mar
-$   open /write opt 'libopt'
-$   write opt "identification=""",libid," ",libverstr,""""
-$   write opt libobj
-$   write opt libolb, " /library"
-$   if libref .nes. "" then write opt libref,"/SHARE"
-$   type sys$input:/out=opt:
-!
-! Ensure transfer vector is at beginning of image
-!
-CLUSTER=FIRST
-$   write opt "COLLECT=FIRST,$$",libvec
-$   write opt "GSMATCH=",libvmatch,",",libver
-$   type sys$input:/out=opt:
-!
-! make psects nonshareable so image can be installed.
-!
-PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
-$   libwrch   := opt
-$   libwriter := write_vax_psect_attr
-$   gosub read_func_num
-$   close opt
-$   macro/obj='libobj' 'libmar'
-$   link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
-     'zlib_lib'
-$   return
-$
-$! The record writer routine for VAX functions
-$ write_vax_ftransfer_entry:
-$   if info_kind .nes. "FUNCTION" then return
-$   if libentry .eqs ".dummy"
-$   then
-$     write 'libwrch' " .BLKB 8" ! Dummy is zeroes...
-$   else
-$     write 'libwrch' " FTRANSFER_ENTRY ",libentry
-$   endif
-$   return
-$! The record writer routine for VAX variables (should never happen!)
-$ write_vax_psect_attr:
-$   if info_kind .nes. "VARIABLE" then return
-$   if libentry .eqs ".dummy" then return
-$   write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
-$   return
-$
-$! ----- Common subroutines
-$! -----
-$! The .num file reader.  This one has great responsibility.
-$ read_func_num:
-$   open /read libnum 'libnum'
-$   goto read_nums
-$
-$ read_nums:
-$   libentrynum=0
-$   liblastentry:=false
-$   entrycount=0
-$   loop:
-$     read /end=loop_end /err=loop_end libnum line
-$     lin = f$edit( line, "COMPRESS,TRIM")
-$!    Skip a "#" comment line.
-$     if (f$extract( 0, 1, lin) .eqs. "#") then goto loop
-$     entrynum = f$int(f$element( 1, " ", lin))
-$     entryinfo = f$element( 2, " ", lin)
-$     curentry = f$element( 0, " ", lin)
-$     info_exist = f$element( 0, ":", entryinfo)
-$     info_platforms = ","+ f$element(1, ":", entryinfo)+ ","
-$     info_kind = f$element( 2, ":", entryinfo)
-$     info_algorithms = ","+ f$element( 3, ":", entryinfo)+ ","
-$     if info_exist .eqs. "NOEXIST" then goto loop
-$     truesum = 0
-$     falsesum = 0
-$     negatives = 1
-$     plat_i = 0
-$     loop1:
-$       plat_entry = f$element( plat_i, ",", info_platforms)
-$       plat_i = plat_i + 1
-$       if plat_entry .eqs. "" then goto loop1
-$       if plat_entry .nes. ","
-$       then
-$         if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
-$         if (arch_vax)
-$         then
-$           if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
-$             truesum = truesum + 1
-$           if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
-$             falsesum = falsesum + 1
-$         endif
-$!
-$         if ((plat_entry .eqs. "VMS") .or. -
-            ((plat_entry .eqs. "ZLIB") .and. (ZLIB .nes. "")) .or. -
-            (arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
-            truesum = truesum + 1
-$!
-$         if ((plat_entry .eqs. "!VMS") .or. -
-            (arch_vax .and. (plat_entry .eqs. "!VMSVAX"))) then -
-            falsesum = falsesum + 1
-$!
-$         goto loop1
-$       endif
-$     endloop1:
-$!DEBUG!$     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
-$!DEBUG!$     then
-$!DEBUG!$       write sys$output line
-$!DEBUG!$       write sys$output "        truesum = ",truesum,-
-$!DEBUG!                ", negatives = ",negatives,", falsesum = ",falsesum
-$!DEBUG!$     endif
-$     if falsesum .ne. 0 then goto loop
-$     if truesum+negatives .eq. 0 then goto loop
-$     alg_i = 0
-$     loop2:
-$       alg_entry = f$element(alg_i,",",info_algorithms)
-$       alg_i = alg_i + 1
-$       if alg_entry .eqs. "" then goto loop2
-$       if alg_entry .nes. ","
-$       then
-$         if disabled_algorithms - ("," + alg_entry + ",") .nes disabled_algorithms then goto loop
-$         if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
-$         goto loop2
-$       endif
-$     endloop2:
-$     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
-$     then
-$!DEBUG!$     write sys$output curentry," ; ",entrynum," ; ",entryinfo
-$     endif
-$   redo:
-$     next:=loop
-$     tolibentry=curentry
-$     if libentrynum .ne. entrynum
-$     then
-$       entrycount=entrycount+1
-$       if entrycount .lt. entrynum
-$       then
-$!DEBUG!$         write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
-$         tolibentry=".dummy"
-$         next:=redo
-$       endif
-$       if entrycount .gt. entrynum
-$       then
-$         write sys$error "Decreasing library entry numbers!  Can't continue"
-$         write sys$error """",line,""""
-$         close libnum
-$         return
-$       endif
-$       libentry=tolibentry
-$!DEBUG!$       write sys$output entrycount," ",libentry," ",entryinfo
-$       if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
-$     else
-$       write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"".  Overriding..."
-$     endif
-$     libentrynum=entrycount
-$     goto 'next'
-$   loop_end:
-$   close libnum
-$   return
-$
-$! The version number reader
-$ read_version_info:
-$   libver = ""
-$   open /read vf [.CRYPTO]OPENSSLV.H
-$   loop_rvi:
-$     read/err=endloop_rvi/end=endloop_rvi vf rvi_line
-$     if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
-        goto loop_rvi
-$     libverstr = f$element(1,"""",rvi_line)
-$     libvmajor = f$element(0,".",libverstr)
-$     libvminor = f$element(1,".",libverstr)
-$     libvedit = f$element(2,".",libverstr)
-$     libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
-$     libvedit = f$extract(0,1,libvedit)
-$     libver = f$string(f$int(libvmajor)*100)+","+-
-        f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
-$     if libvmajor .eqs. "0"
-$     then
-$       libvmatch = "EQUAL"
-$     else
-$       ! Starting with the 1.0 release, backward compatibility should be
-$       ! kept, so switch over to the following
-$       libvmatch = "LEQUAL"
-$     endif
-$   endloop_rvi:
-$   close vf
-$   return
-$
-$! The disabled algorithms reader
-$ read_disabled_algorithms_info:
-$   disabled_algorithms = ","
-$   open /read cf [.CRYPTO.'ARCH']OPENSSLCONF.H
-$   loop_rci:
-$     read/err=endloop_rci/end=endloop_rci cf rci_line
-$     rci_line = f$edit(rci_line,"TRIM,COMPRESS")
-$     rci_ei = 0
-$     if f$extract(0,9,rci_line) .eqs. "# define " then rci_ei = 2
-$     if f$extract(0,8,rci_line) .eqs. "#define " then rci_ei = 1
-$     if rci_ei .eq. 0 then goto loop_rci
-$     rci_e = f$element(rci_ei," ",rci_line)
-$     if f$extract(0,11,rci_e) .nes. "OPENSSL_NO_" then goto loop_rci
-$     disabled_algorithms = disabled_algorithms + f$extract(11,999,rci_e) + ","
-$     goto loop_rci
-$   endloop_rci:
-$   close cf
-$   return
diff --git a/src/lib/libssl/src/VMS/multinet_shr.opt b/src/lib/libssl/src/VMS/multinet_shr.opt
deleted file mode 100644
index 610f42dddb..0000000000
--- a/src/lib/libssl/src/VMS/multinet_shr.opt
+++ /dev/null
@@ -1 +0,0 @@
-multinet:multinet_socket_library.exe/share
diff --git a/src/lib/libssl/src/VMS/openssl_startup.com b/src/lib/libssl/src/VMS/openssl_startup.com
deleted file mode 100755
index 04bbbde886..0000000000
--- a/src/lib/libssl/src/VMS/openssl_startup.com
+++ /dev/null
@@ -1,108 +0,0 @@
-$!
-$! Startup file for OpenSSL 1.x.
-$!
-$! 2011-03-05 SMS.
-$!
-$! This procedure must reside in the OpenSSL installation directory.
-$! It will fail if it is copied to a different location.
-$!
-$! P1  qualifier(s) for DEFINE.  For example, "/SYSTEM" to get the
-$!     logical names defined in the system logical name table.
-$!
-$! P2  "64", to use executables which were built with 64-bit pointers.
-$!
-$! Good (default) and bad status values.
-$!
-$ status =    %x00010001 ! RMS$_NORMAL, normal successful completion.
-$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found.
-$!
-$! Prepare for problems.
-$!
-$ orig_dev_dir = f$environment( "DEFAULT")
-$ on control_y then goto clean_up
-$ on error then goto clean_up
-$!
-$! Determine hardware architecture.
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$   arch_name = "VAX"
-$ else
-$   arch_name = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch_name .eqs. "") then arch_name = "UNK"
-$ endif
-$!
-$ if (p2 .eqs. "64")
-$ then
-$   arch_name_exe = arch_name+ "_64"
-$ else
-$   arch_name_exe = arch_name
-$ endif
-$!
-$! Derive the OpenSSL installation device:[directory] from the location
-$! of this command procedure.
-$!
-$ proc = f$environment( "procedure")
-$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;"
-$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only")
-$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - -
-   ".][000000"- "[000000."- "]["- "["- "]"
-$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]"
-$ set default 'proc_dev_dir'
-$ set default [-]
-$ ossl_dev_dir = f$environment( "default")
-$!
-$! Check existence of expected directories (to see if this procedure has
-$! been moved away from its proper place).
-$!
-$ if ((f$search( "certs.dir;1") .eqs. "") .or. -
-   (f$search( "include.dir;1") .eqs. "") .or. -
-   (f$search( "private.dir;1") .eqs. "") .or. -
-   (f$search( "vms.dir;1") .eqs. ""))
-$ then
-$    write sys$output -
-      "   Can't find expected common OpenSSL directories in:"
-$    write sys$output "   ''ossl_dev_dir'"
-$    status = rms_e_fnf
-$    goto clean_up
-$ endif
-$!
-$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. -
-   (f$search( "''arch_name'_lib.dir;1") .eqs. ""))
-$ then
-$    write sys$output -
-      "   Can't find expected architecture-specific OpenSSL directories in:"
-$    write sys$output "   ''ossl_dev_dir'"
-$    status = rms_e_fnf
-$    goto clean_up
-$ endif
-$!
-$! All seems well (enough).  Define the OpenSSL logical names.
-$!
-$ ossl_root = ossl_dev_dir- "]"+ ".]"
-$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root'
-$ define /nolog 'p1' SSLCERTS     sslroot:[certs]
-$ define /nolog 'p1' SSLINCLUDE   sslroot:[include]
-$ define /nolog 'p1' SSLPRIVATE   sslroot:[private]
-$ define /nolog 'p1' SSLEXE       sslroot:['arch_name_exe'_exe]
-$ define /nolog 'p1' SSLLIB       sslroot:['arch_name'_lib]
-$!
-$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>":
-$ define /nolog 'p1' OPENSSL      SSLINCLUDE:
-$!
-$! Run a site-specific procedure, if it exists.
-$!
-$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then -
-   @ sslroot:[vms]openssl_systartup.com
-$!
-$! Restore the original default dev:[dir] (if known).
-$!
-$ clean_up:
-$!
-$ if (f$type( orig_dev_dir) .nes. "")
-$ then
-$    set default 'orig_dev_dir'
-$ endif
-$!
-$ EXIT 'status'
-$!
diff --git a/src/lib/libssl/src/VMS/openssl_undo.com b/src/lib/libssl/src/VMS/openssl_undo.com
deleted file mode 100755
index d1623a3160..0000000000
--- a/src/lib/libssl/src/VMS/openssl_undo.com
+++ /dev/null
@@ -1,20 +0,0 @@
-$!
-$! Deassign OpenSSL logical names.
-$!
-$ call deass "OPENSSL" "''p1'"
-$ call deass "SSLCERTS" "''p1'"
-$ call deass "SSLEXE" "''p1'"
-$ call deass "SSLINCLUDE" "''p1'"
-$ call deass "SSLLIB" "''p1'"
-$ call deass "SSLPRIVATE" "''p1'"
-$ call deass "SSLROOT" "''p1'"
-$!
-$ exit
-$!
-$deass: subroutine
-$ if (f$trnlnm( p1) .nes. "")
-$ then
-$    deassign 'p2' 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libssl/src/VMS/openssl_utils.com b/src/lib/libssl/src/VMS/openssl_utils.com
deleted file mode 100644
index 64f4915104..0000000000
--- a/src/lib/libssl/src/VMS/openssl_utils.com
+++ /dev/null
@@ -1,46 +0,0 @@
-$!
-$!  APPS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!
-$! Slightly modified by Richard Levitte <richard@levitte.org>
-$!
-$!
-$! Always define OPENSSL.  Others are optional (non-null P1).
-$!
-$ OPENSSL  :== $SSLEXE:OPENSSL
-$
-$ IF (P1 .NES. "")
-$ THEN
-$     VERIFY   :== $SSLEXE:OPENSSL VERIFY
-$     ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
-$! REQ could conflict with REQUEST.
-$     OREQ     :== $SSLEXE:OPENSSL REQ
-$     DGST     :== $SSLEXE:OPENSSL DGST
-$     DH       :== $SSLEXE:OPENSSL DH
-$     ENC      :== $SSLEXE:OPENSSL ENC
-$     GENDH    :== $SSLEXE:OPENSSL GENDH
-$     ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
-$     CA       :== $SSLEXE:OPENSSL CA
-$     CRL      :== $SSLEXE:OPENSSL CRL
-$     RSA      :== $SSLEXE:OPENSSL RSA
-$     DSA      :== $SSLEXE:OPENSSL DSA
-$     DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
-$     X509     :== $SSLEXE:OPENSSL X509
-$     GENRSA   :== $SSLEXE:OPENSSL GENRSA
-$     GENDSA   :== $SSLEXE:OPENSSL GENDSA
-$     S_SERVER :== $SSLEXE:OPENSSL S_SERVER
-$     S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
-$     SPEED    :== $SSLEXE:OPENSSL SPEED
-$     S_TIME   :== $SSLEXE:OPENSSL S_TIME
-$     VERSION  :== $SSLEXE:OPENSSL VERSION
-$     PKCS7    :== $SSLEXE:OPENSSL PKCS7
-$     CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
-$     SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
-$     CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
-$     NSEQ     :== $SSLEXE:OPENSSL NSEQ
-$     PKCS12   :== $SSLEXE:OPENSSL PKCS12
-$ ENDIF
diff --git a/src/lib/libssl/src/VMS/socketshr_shr.opt b/src/lib/libssl/src/VMS/socketshr_shr.opt
deleted file mode 100644
index f6e3131626..0000000000
--- a/src/lib/libssl/src/VMS/socketshr_shr.opt
+++ /dev/null
@@ -1 +0,0 @@
-socketshr/share
diff --git a/src/lib/libssl/src/VMS/tcpip_shr_decc.opt b/src/lib/libssl/src/VMS/tcpip_shr_decc.opt
deleted file mode 100644
index 33b159e5f5..0000000000
--- a/src/lib/libssl/src/VMS/tcpip_shr_decc.opt
+++ /dev/null
@@ -1 +0,0 @@
-sys$share:tcpip$ipc_shr.exe/share
diff --git a/src/lib/libssl/src/VMS/test-includes.com b/src/lib/libssl/src/VMS/test-includes.com
deleted file mode 100644
index c1d7ccd0ee..0000000000
--- a/src/lib/libssl/src/VMS/test-includes.com
+++ /dev/null
@@ -1,28 +0,0 @@
-$! Quick script to check how well including individual header files works
-$! on VMS, even when the VMS macro isn't defined.
-$
-$       sav_def = f$env("DEFAULT")
-$       here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
-$       set default 'here'
-$       set default [-.include.openssl]
-$       define openssl 'f$env("DEFAULT")'
-$       set default [--]
-$
-$ loop:
-$       f = f$search("openssl:*.h")
-$       if f .eqs. "" then goto loop_end
-$       write sys$output "Checking ",f
-$       open/write foo foo.c
-$       write foo "#undef VMS"
-$       write foo "#include <stdio.h>"
-$       write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
-$       write foo "main()"
-$       write foo "{printf(""foo\n"");}"
-$       close foo
-$       cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
-$       delete foo.c;
-$       goto loop
-$ loop_end:
-$       set default 'save_def'
-$       exit
-
diff --git a/src/lib/libssl/src/VMS/ucx_shr_decc.opt b/src/lib/libssl/src/VMS/ucx_shr_decc.opt
deleted file mode 100644
index 28d84f4af6..0000000000
--- a/src/lib/libssl/src/VMS/ucx_shr_decc.opt
+++ /dev/null
@@ -1 +0,0 @@
-sys$share:ucx$ipc_shr.exe/share
diff --git a/src/lib/libssl/src/VMS/ucx_shr_decc_log.opt b/src/lib/libssl/src/VMS/ucx_shr_decc_log.opt
deleted file mode 100644
index c9d9a96d09..0000000000
--- a/src/lib/libssl/src/VMS/ucx_shr_decc_log.opt
+++ /dev/null
@@ -1 +0,0 @@
-ucx$ipc_shr/share
diff --git a/src/lib/libssl/src/VMS/ucx_shr_vaxc.opt b/src/lib/libssl/src/VMS/ucx_shr_vaxc.opt
deleted file mode 100644
index 86bfaf0d07..0000000000
--- a/src/lib/libssl/src/VMS/ucx_shr_vaxc.opt
+++ /dev/null
@@ -1 +0,0 @@
-sys$library:ucx$ipc.olb/library
diff --git a/src/lib/libssl/src/apps/CA.com b/src/lib/libssl/src/apps/CA.com
deleted file mode 100644
index 2c0d465274..0000000000
--- a/src/lib/libssl/src/apps/CA.com
+++ /dev/null
@@ -1,236 +0,0 @@
-$! CA - wrapper around ca to make it easier to use ... basically ca requires
-$!      some setup stuff to be done before you can use it and this makes
-$!      things easier between now and when Eric is convinced to fix it :-)
-$!
-$! CA -newca ... will setup the right stuff
-$! CA -newreq ... will generate a certificate request 
-$! CA -sign ... will sign the generated request and output 
-$!
-$! At the end of that grab newreq.pem and newcert.pem (one has the key 
-$! and the other the certificate) and cat them together and that is what
-$! you want/need ... I'll make even this a little cleaner later.
-$!
-$!
-$! 12-Jan-96 tjh    Added more things ... including CA -signcert which
-$!                  converts a certificate to a request and then signs it.
-$! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
-$!                 environment variable so this can be driven from
-$!                 a script.
-$! 25-Jul-96 eay    Cleaned up filenames some more.
-$! 11-Jun-96 eay    Fixed a few filename missmatches.
-$! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
-$! 18-Apr-96 tjh    Original hacking
-$!
-$! Tim Hudson
-$! tjh@cryptsoft.com
-$!
-$!
-$! default ssleay.cnf file has setup as per the following
-$! demoCA ... where everything is stored
-$
-$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
-$
-$ DAYS   = "-days 365"
-$ REQ    = openssl + " req " + SSLEAY_CONFIG
-$ CA     = openssl + " ca " + SSLEAY_CONFIG
-$ VERIFY = openssl + " verify"
-$ X509   = openssl + " x509"
-$ PKCS12 = openssl + " pkcs12"
-$ echo   = "write sys$Output"
-$ RET = 1
-$!
-$! 2010-12-20 SMS.
-$! Use a concealed logical name to reduce command line lengths, to
-$! avoid DCL errors on VAX:
-$!     %DCL-W-TKNOVF, command element is too long - shorten
-$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
-$! quickly.)
-$!
-$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
-$ define /translation_attributes = concealed CATOP 'CATOP'
-$!
-$ on error then goto clean_up
-$ on control_y then goto clean_up
-$!
-$ CAKEY  = "CATOP:[private]cakey.pem"
-$ CACERT = "CATOP:[000000]cacert.pem"
-$
-$ __INPUT := SYS$COMMAND
-$!
-$ i = 1
-$opt_loop:
-$ if i .gt. 8 then goto opt_loop_end
-$
-$ prog_opt = F$EDIT(P'i',"lowercase")
-$
-$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
-$ THEN
-$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
-$   goto clean_up
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-input")
-$ THEN
-$   ! Get input from somewhere other than SYS$COMMAND
-$   i = i + 1
-$   __INPUT = P'i'
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newcert")
-$ THEN
-$   ! Create a certificate.
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
-$   RET=$STATUS
-$   echo "Certificate (and private key) is in newreq.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newreq")
-$ THEN
-$   ! Create a certificate request
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
-$   RET=$STATUS
-$   echo "Request (and private key) is in newreq.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-newca")
-$ THEN
-$   ! If explicitly asked for or it doesn't exist then setup the directory
-$   ! structure that Eric likes to manage things.
-$   IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
-$   THEN
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
-$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
-$
-$     OPEN /WRITE ser_file CATOP:[000000]serial. 
-$     WRITE ser_file "01"
-$     CLOSE ser_file
-$     APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
-$
-$     ! The following is to make sure access() doesn't get confused.  It
-$     ! really needs one file in the directory to give correct answers...
-$     COPY NLA0: CATOP:[certs].;
-$     COPY NLA0: CATOP:[crl].;
-$     COPY NLA0: CATOP:[newcerts].;
-$     COPY NLA0: CATOP:[private].;
-$   ENDIF
-$!
-$   IF F$SEARCH( CAKEY) .EQS. ""
-$   THEN
-$     READ '__INPUT' FILE -
-       /PROMPT="CA certificate filename (or enter to create): "
-$     IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
-$     THEN
-$       COPY 'FILE' 'CAKEY'
-$       RET=$STATUS
-$     ELSE
-$       echo "Making CA certificate ..."
-$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$       REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
-$       RET=$STATUS
-$     ENDIF
-$   ENDIF
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-pkcs12")
-$ THEN
-$   i = i + 1
-$   cname = P'i'
-$   IF cname .EQS. "" THEN cname = "My certificate"
-$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
-     -out newcert.p12 -export -name "''cname'"
-$   RET=$STATUS
-$   goto clean_up
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-xsign")
-$ THEN
-$!
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -infiles newreq.pem
-$   RET=$STATUS
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
-$ THEN
-$!   
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
-$   RET=$STATUS
-$   type newcert.pem
-$   echo "Signed certificate is in newcert.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-signcert")
-$  THEN
-$!   
-$   echo "Cert passphrase will be requested twice - bug?"
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
-$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
-y
-y
-$   type newcert.pem
-$   echo "Signed certificate is in newcert.pem"
-$   GOTO opt_loop_continue
-$ ENDIF
-$!
-$ IF (prog_opt .EQS. "-verify")
-$ THEN
-$!   
-$   i = i + 1
-$   IF (p'i' .EQS. "")
-$   THEN
-$     DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$     VERIFY "-CAfile" 'CACERT' newcert.pem
-$   ELSE
-$     j = i
-$    verify_opt_loop:
-$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
-$     IF p'j' .NES. ""
-$     THEN 
-$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
-$       __tmp = p'j'
-$       VERIFY "-CAfile" 'CACERT' '__tmp'
-$       tmp=$STATUS
-$       IF tmp .NE. 0 THEN RET=tmp
-$     ENDIF
-$     j = j + 1
-$     GOTO verify_opt_loop
-$    verify_opt_loop_end:
-$   ENDIF
-$   
-$   GOTO opt_loop_end
-$ ENDIF
-$!
-$ IF (prog_opt .NES. "")
-$ THEN
-$!   
-$   echo "Unknown argument ''prog_opt'"
-$   RET = 3
-$   goto clean_up
-$ ENDIF
-$
-$opt_loop_continue:
-$ i = i + 1
-$ GOTO opt_loop
-$
-$opt_loop_end:
-$!
-$clean_up:
-$!
-$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
-   deassign /process CATOP
-$!
-$ EXIT 'RET'
diff --git a/src/lib/libssl/src/apps/Makefile b/src/lib/libssl/src/apps/Makefile
index 95f499e330..72657ea658 100644
--- a/src/lib/libssl/src/apps/Makefile
+++ b/src/lib/libssl/src/apps/Makefile
@@ -577,14 +577,15 @@ openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-openssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h
+openssl.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+openssl.o: openssl.c progs.h s_apps.h
 passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
 passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index 4e11915b02..b76db10a5e 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -586,12 +586,12 @@ int password_callback(char *buf, int bufsiz, int verify,
 
                 if (ok >= 0)
                         ok = UI_add_input_string(ui,prompt,ui_flags,buf,
-                                PW_MIN_LENGTH,BUFSIZ-1);
+                                PW_MIN_LENGTH,bufsiz-1);
                 if (ok >= 0 && verify)
                         {
                         buff = (char *)OPENSSL_malloc(bufsiz);
                         ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
-                                PW_MIN_LENGTH,BUFSIZ-1, buf);
+                                PW_MIN_LENGTH,bufsiz-1, buf);
                         }
                 if (ok >= 0)
                         do
@@ -2132,7 +2132,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
         X509_NAME *n = NULL;
         int nid;
 
-        if (!buf || !ne_types || !ne_values)
+        if (!buf || !ne_types || !ne_values || !mval)
                 {
                 BIO_printf(bio_err, "malloc error\n");
                 goto error;
@@ -2236,6 +2236,7 @@ X509_NAME *parse_name(char *subject, long chtype, int multirdn)
         OPENSSL_free(ne_values);
         OPENSSL_free(ne_types);
         OPENSSL_free(buf);
+        OPENSSL_free(mval);
         return n;
 
 error:
@@ -2244,6 +2245,8 @@ error:
                 OPENSSL_free(ne_values);
         if (ne_types)
                 OPENSSL_free(ne_types);
+        if (mval)
+                OPENSSL_free(mval);
         if (buf)
                 OPENSSL_free(buf);
         return NULL;
@@ -2838,7 +2841,7 @@ double app_tminterval(int stop,int usertime)
 
         if (proc==NULL)
                 {
-                if (GetVersion() < 0x80000000)
+                if (check_winnt())
                         proc = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,
                                                 GetCurrentProcessId());
                 if (proc==NULL) proc = (HANDLE)-1;
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index c1ca99da12..3aeb46c4e2 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -188,6 +188,7 @@ extern BIO *bio_err;
                         do { CONF_modules_unload(1); destroy_ui_method(); \
                         OBJ_cleanup(); EVP_cleanup(); ENGINE_cleanup(); \
                         CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
+                        RAND_cleanup(); \
                         ERR_free_strings(); zlib_cleanup();} while(0)
 #  else
 #    define apps_startup() \
@@ -198,6 +199,7 @@ extern BIO *bio_err;
                         do { CONF_modules_unload(1); destroy_ui_method(); \
                         OBJ_cleanup(); EVP_cleanup(); \
                         CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); \
+                        RAND_cleanup(); \
                         ERR_free_strings(); zlib_cleanup(); } while(0)
 #  endif
 #endif
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index a548f4eeb0..55dea95ac1 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -1408,6 +1408,7 @@ bad:
                         if (!NCONF_get_number(conf,section,
                                 ENV_DEFAULT_CRL_HOURS, &crlhours))
                                 crlhours = 0;
+                        ERR_clear_error();
                         }
                 if ((crldays == 0) && (crlhours == 0) && (crlsec == 0))
                         {
diff --git a/src/lib/libssl/src/apps/crl.c b/src/lib/libssl/src/apps/crl.c
index c395b2afd5..8797d300cf 100644
--- a/src/lib/libssl/src/apps/crl.c
+++ b/src/lib/libssl/src/apps/crl.c
@@ -81,6 +81,9 @@ static const char *crl_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -hash           - print hash value\n",
+#ifndef OPENSSL_NO_MD5
+" -hash_old       - print old-style (MD5) hash value\n",
+#endif
 " -fingerprint    - print the crl fingerprint\n",
 " -issuer         - print issuer DN\n",
 " -lastupdate     - lastUpdate field\n",
@@ -108,6 +111,9 @@ int MAIN(int argc, char **argv)
         int informat,outformat;
         char *infile=NULL,*outfile=NULL;
         int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+#ifndef OPENSSL_NO_MD5
+       int hash_old=0;
+#endif
         int fingerprint = 0, crlnumber = 0;
         const char **pp;
         X509_STORE *store = NULL;
@@ -192,6 +198,10 @@ int MAIN(int argc, char **argv)
                         text = 1;
                 else if (strcmp(*argv,"-hash") == 0)
                         hash= ++num;
+#ifndef OPENSSL_NO_MD5
+                else if (strcmp(*argv,"-hash_old") == 0)
+                        hash_old= ++num;
+#endif
                 else if (strcmp(*argv,"-nameopt") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -304,6 +314,14 @@ bad:
                                 BIO_printf(bio_out,"%08lx\n",
                                         X509_NAME_hash(X509_CRL_get_issuer(x)));
                                 }
+#ifndef OPENSSL_NO_MD5
+                        if (hash_old == i)
+                                {
+                                BIO_printf(bio_out,"%08lx\n",
+                                        X509_NAME_hash_old(
+                                                X509_CRL_get_issuer(x)));
+                                }
+#endif
                         if (lastupdate == i)
                                 {
                                 BIO_printf(bio_out,"lastUpdate=");
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index b08e9a7c78..f4aec779c1 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -216,10 +216,10 @@ int MAIN(int argc, char **argv)
                         out_bin = 1;
                 else if (strcmp(*argv,"-d") == 0)
                         debug=1;
-                else if (strcmp(*argv,"-non-fips-allow") == 0)
-                        non_fips_allow=1;
                 else if (!strcmp(*argv,"-fips-fingerprint"))
                         hmac_key = "etaonrishdlcupfm";
+                else if (strcmp(*argv,"-non-fips-allow") == 0)
+                        non_fips_allow=1;
                 else if (!strcmp(*argv,"-hmac"))
                         {
                         if (--argc < 1)
@@ -427,9 +427,9 @@ int MAIN(int argc, char **argv)
                         goto end;
                         }
                 if (do_verify)
-                        r = EVP_DigestVerifyInit(mctx, &pctx, md, e, sigkey);
+                        r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
                 else
-                        r = EVP_DigestSignInit(mctx, &pctx, md, e, sigkey);
+                        r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
                 if (!r)
                         {
                         BIO_printf(bio_err, "Error setting context\n");
diff --git a/src/lib/libssl/src/apps/dhparam.c b/src/lib/libssl/src/apps/dhparam.c
index b47097cbb2..1297d6fb5e 100644
--- a/src/lib/libssl/src/apps/dhparam.c
+++ b/src/lib/libssl/src/apps/dhparam.c
@@ -332,7 +332,6 @@ bad:
                         BIO_printf(bio_err,"This is going to take a long time\n");
                         if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
                                 {
-                                if(dh) DH_free(dh);
                                 ERR_print_errors(bio_err);
                                 goto end;
                                 }
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
index fe72c1d3df..683d51391b 100644
--- a/src/lib/libssl/src/apps/dsaparam.c
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -326,6 +326,7 @@ bad:
                                 goto end;
                                 }
 #endif
+                        ERR_print_errors(bio_err);
                         BIO_printf(bio_err,"Error, DSA key generation failed\n");
                         goto end;
                         }
@@ -429,13 +430,19 @@ bad:
 
                 assert(need_rand);
                 if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
-                if (!DSA_generate_key(dsakey)) goto end;
+                if (!DSA_generate_key(dsakey))
+                        {
+                        ERR_print_errors(bio_err);
+                        DSA_free(dsakey);
+                        goto end;
+                        }
                 if      (outformat == FORMAT_ASN1)
                         i=i2d_DSAPrivateKey_bio(out,dsakey);
                 else if (outformat == FORMAT_PEM)
                         i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
                 else    {
                         BIO_printf(bio_err,"bad output format specified for outfile\n");
+                        DSA_free(dsakey);
                         goto end;
                         }
                 DSA_free(dsakey);
diff --git a/src/lib/libssl/src/apps/genrsa.c b/src/lib/libssl/src/apps/genrsa.c
index 37e9310910..ece114c876 100644
--- a/src/lib/libssl/src/apps/genrsa.c
+++ b/src/lib/libssl/src/apps/genrsa.c
@@ -78,7 +78,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 
-#define DEFBITS 512
+#define DEFBITS 1024
 #undef PROG
 #define PROG genrsa_main
 
diff --git a/src/lib/libssl/src/apps/install-apps.com b/src/lib/libssl/src/apps/install-apps.com
deleted file mode 100755
index 7a553aa12e..0000000000
--- a/src/lib/libssl/src/apps/install-apps.com
+++ /dev/null
@@ -1,107 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1  root of the directory tree
-$! P2  "64" for 64-bit pointers.
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if (p1 .eqs. "")
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "It should be the directory where you want things installed."
-$   exit
-$ endif
-$!
-$ if (f$getsyi("cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$!
-$ if (p2 .nes. "")
-$ then
-$   if (p2 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$   else
-$     if (p2 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
-$ root_dev = f$parse(root,,,"device","syntax_only")
-$ root_dir = f$parse(root,,,"directory","syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$!
-$ define /nolog wrk_sslroot 'root'.] /trans=conc
-$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
-$!
-$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse("wrk_sslxexe:") .eqs. "" then -
-   create /directory /log wrk_sslxexe:
-$!
-$ exe := openssl
-$!
-$ exe_dir := [-.'archd'.exe.apps]
-$!
-$! Executables.
-$!
-$ i = 0
-$ loop_exe:
-$   e = f$edit(f$element( i, ",", exe), "trim")
-$   i = i + 1
-$   if e .eqs. "," then goto loop_exe_end
-$   set noon
-$   file = exe_dir+ e+ ".exe"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxexe: /log
-$   endif
-$   set on
-$ goto loop_exe
-$ loop_exe_end:
-$!
-$! Miscellaneous.
-$!
-$ set noon
-$ copy /protection = w:re ca.com wrk_sslxexe:ca.com /log
-$ copy /protection = w:re openssl-vms.cnf wrk_sslroot:[000000]openssl.cnf /log
-$ set on
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslxexe
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libssl/src/apps/install.com b/src/lib/libssl/src/apps/install.com
deleted file mode 100644
index c5821b40e3..0000000000
--- a/src/lib/libssl/src/apps/install.com
+++ /dev/null
@@ -1,65 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1   root of the directory tree
-$!
-$
-$       IF P1 .EQS. ""
-$       THEN
-$           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT -
-                  "Should be the directory where you want things installed."
-$           EXIT
-$       ENDIF
-$
-$       IF (F$GETSYI("CPU").LT.128)
-$       THEN
-$           ARCH := VAX
-$       ELSE
-$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$       ENDIF
-$
-$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLEXE WRK_SSLROOT:['ARCH'_EXE]
-$
-$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLEXE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLEXE:
-$
-$       EXE := openssl
-$
-$       EXE_DIR := [-.'ARCH'.EXE.APPS]
-$
-$       I = 0
-$ LOOP_EXE: 
-$       E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
-$       I = I + 1
-$       IF E .EQS. "," THEN GOTO LOOP_EXE_END
-$       SET NOON
-$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'EXE_DIR''E'.EXE WRK_SSLEXE:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLEXE:'E'.EXE
-$       ENDIF
-$       SET ON
-$       GOTO LOOP_EXE
-$ LOOP_EXE_END:
-$
-$       SET NOON
-$       COPY CA.COM WRK_SSLEXE:CA.COM/LOG
-$       SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
-$       COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
-$       SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
-$       SET ON
-$
-$       EXIT
diff --git a/src/lib/libssl/src/apps/makeapps.com b/src/lib/libssl/src/apps/makeapps.com
deleted file mode 100644
index efc213c8ee..0000000000
--- a/src/lib/libssl/src/apps/makeapps.com
+++ /dev/null
@@ -1,1169 +0,0 @@
-$!
-$!  MAKEAPPS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!             Zoltan Arpadffy <zoli@polarhome.com>   
-$!
-$!  This command files compiles and creates all the various different
-$!  "application" programs for the different types of encryption for OpenSSL.
-$!  The EXE's are placed in the directory [.xxx.EXE.APPS] where "xxx" denotes
-$!  ALPHA, IA64 or VAX, depending on your machine architecture.
-$!
-$!  It was written so it would try to determine what "C" compiler to
-$!  use or you can specify which "C" compiler to use.
-$!
-$!  Specify DEBUG or NODEBUG as P1 to compile with or without debugger
-$!  information.
-$!
-$!  Specify which compiler at P2 to try to compile under.
-$!
-$!         VAXC  For VAX C.
-$!         DECC  For DEC C.
-$!         GNUC  For GNU C.
-$!
-$!  If you don't specify a compiler, it will try to determine which
-$!  "C" compiler to use.
-$!
-$!  P3, if defined, sets a TCP/IP library to use, through one of the following
-$!  keywords:
-$!
-$!      UCX             for UCX
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
-$!      TCPIP           for TCPIP (post UCX)
-$!
-$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!  P5, if defined, sets a choice of programs to compile.
-$!
-$!  P6, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE)
-$!      32       Compile with /POINTER_SIZE=32 (SHORT)
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P7, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on control_c then goto exit
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That Is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check What Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX.
-$!
-$   ARCH = "VAX"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Define what programs should be compiled
-$!
-$ PROGRAMS := OPENSSL
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Define The CRYPTO Library.
-$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Define The SSL Library.
-$!
-$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB
-$!
-$! Define The OBJ and EXE Directories.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.APPS]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.APPS]
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
-$!
-$! Check To See If The OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'OBJ_DIR'
-$!
-$! End The OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The EXE Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! End The EXE Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Define The Application Files.
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the E_OBJ variable in Makefile as closely as possible, thereby
-$! making it fairly easy to verify that the lists are the same.
-$!
-$ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
-                "CA,PKCS7,CRL2P7,CRL,"+-
-                "RSA,RSAUTL,DSA,DSAPARAM,EC,ECPARAM,"+-
-                "X509,GENRSA,GENDSA,GENPKEY,S_SERVER,S_CLIENT,SPEED,"+-
-                "S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+-
-                "CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ -
-                "SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS,SRP"
-$!
-$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT"
-$!
-$ TCPIP_PROGRAMS = ",,"
-$ IF COMPILER .EQS. "VAXC" THEN -
-     TCPIP_PROGRAMS = ",OPENSSL,"
-$!
-$! Setup exceptional compilations
-$!
-$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
-$!
-$ PHASE := LIB
-$!
-$ RESTART: 
-$!
-$!  Define An App Counter And Set It To "0".
-$!
-$ APP_COUNTER = 0
-$!
-$!  Top Of The App Loop.
-$!
-$ NEXT_APP:
-$!
-$!  Make The Application File Name
-$!
-$ CURRENT_APP = F$EDIT(F$ELEMENT(APP_COUNTER,",",PROGRAMS),"TRIM")
-$!
-$!  Create The Executable File Name.
-$!
-$   EXE_FILE = EXE_DIR + CURRENT_APP + ".EXE"
-$!
-$!  Check To See If We Are At The End Of The File List.
-$!
-$ IF (CURRENT_APP.EQS.",")
-$ THEN
-$   IF (PHASE.EQS."LIB")
-$   THEN
-$     PHASE := APP
-$     GOTO RESTART
-$   ELSE
-$     GOTO APP_DONE
-$   ENDIF
-$ ENDIF
-$!
-$!  Increment The Counter.
-$!
-$ APP_COUNTER = APP_COUNTER + 1
-$!
-$!  Decide if we're building the object files or not.
-$!
-$ IF (PHASE.EQS."LIB")
-$ THEN
-$!
-$!  Define A Library File Counter And Set It To "-1".
-$!  -1 Means The Application File Name Is To Be Used.
-$!
-$   LIB_COUNTER = -1
-$!
-$!  Create a .OPT file for the object files
-$!
-$   OPEN /WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT
-$!
-$!  Top Of The File Loop.
-$!
-$  NEXT_LIB:
-$!
-$!  O.K, Extract The File Name From The File List.
-$!
-$   IF LIB_COUNTER .GE. 0
-$   THEN
-$     FILE_NAME = F$EDIT(F$ELEMENT(LIB_COUNTER,",",LIB_'CURRENT_APP'),"TRIM")
-$   ELSE
-$     FILE_NAME = CURRENT_APP
-$   ENDIF
-$!
-$!  Check To See If We Are At The End Of The File List.
-$!
-$   IF (FILE_NAME.EQS.",")
-$   THEN
-$     CLOSE OBJECTS
-$     GOTO NEXT_APP
-$   ENDIF
-$!
-$!  Increment The Counter.
-$!
-$   LIB_COUNTER = LIB_COUNTER + 1
-$!
-$!  Create The Source File Name.
-$!
-$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
-$!
-$!  Create The Object File Name.
-$!
-$   OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
-$   ON WARNING THEN GOTO NEXT_LIB
-$!
-$!  Check To See If The File We Want To Compile Actually Exists.
-$!
-$   IF (F$SEARCH(SOURCE_FILE).EQS."")
-$   THEN
-$!
-$!    Tell The User That The File Dosen't Exist.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Exit The Build.
-$!
-$     GOTO EXIT
-$!
-$!  End The File Exist Check.
-$!
-$   ENDIF
-$!
-$!  Tell The User What We Are Building.
-$!
-$   IF (PHASE.EQS."LIB")
-$   THEN
-$     WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File."
-$   ELSE
-$     WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program."
-$   ENDIF
-$!
-$!  Compile The File.
-$!
-$   ON ERROR THEN GOTO NEXT_LIB
-$   IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2
-$   THEN
-$     CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$   ELSE
-$     CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$   ENDIF
-$   WRITE OBJECTS OBJECT_FILE
-$!
-$   GOTO NEXT_LIB
-$ ENDIF
-$!
-$!  Check if this program works well without a TCPIP library
-$!
-$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - CURRENT_APP .NES. TCPIP_PROGRAMS
-$ THEN
-$   WRITE SYS$OUTPUT CURRENT_APP," needs a TCP/IP library.  Can't link.  Skipping..."
-$   GOTO NEXT_APP
-$ ENDIF
-$!
-$! Link The Program.
-$!
-$ ON WARNING THEN GOTO NEXT_APP
-$!
-$! Don't Link With The RSAREF Routines And TCP/IP Library.
-$!
-$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_FILE' -
-  'EXE_DIR''CURRENT_APP'.OPT /OPTIONS, -
-  'SSL_LIB' /LIBRARY, -
-  'CRYPTO_LIB' /LIBRARY -
-  'TCPIP_LIB' -
-  'ZLIB_LIB' -
-  ,'OPT_FILE' /OPTIONS
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_APP
-$!
-$! All Done With This File.
-$!
-$ APP_DONE:
-$ EXIT:
-$!
-$! All Done, Time To Clean Up And Exit.
-$!
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
-$!
-$     IF ARCH.EQS."VAX"
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check To See If We Have The Appropiate Libraries.
-$!
-$ LIB_CHECK:
-$!
-$! Look For The Library LIBCRYPTO.OLB.
-$!
-$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The Crypto Library Check.
-$!
-$ ENDIF
-$!
-$! Look For The Library LIBSSL.OLB.
-$!
-$ IF (F$SEARCH(SSL_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBSSL.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
-$   WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The SSL Library Check.
-$!
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."NODEBUG")
-$ THEN
-$!
-$!  P1 Is NODEBUG, So Compile Without Debugger Information.
-$!
-$   DEBUGGER  = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P1.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER  = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check P6 (POINTER_SIZE).
-$!
-$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P6 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=")
-$       THEN
-$!        Explicit user choice: "64" or "64=ARGV".
-$         IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64"
-$       ELSE
-$         SET NOON
-$         DEFINE /USER_MODE SYS$OUTPUT NL:
-$         DEFINE /USER_MODE SYS$ERROR NL:
-$         CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL:
-$         IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000
-$         THEN
-$           ! If we got here, it means DCL complained like this:
-$           ! %DCL-W-NOVALU, value not allowed - remove value specification
-$           !  \64=\
-$           !
-$           ! If the compiler was run, logicals defined in /USER would
-$           ! have been deassigned automatically.  However, when DCL
-$           ! complains, they aren't, so we do it here (it might be
-$           ! unnecessary, but just in case there will be another error
-$           ! message further on that we don't want to miss)
-$           DEASSIGN /USER_MODE SYS$ERROR
-$           DEASSIGN /USER_MODE SYS$OUTPUT
-$         ELSE
-$           POINTER_SIZE = POINTER_SIZE + "=ARGV"
-$         ENDIF
-$         SET ON
-$       ENDIF
-$       POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'"
-$!
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P6, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"  :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32  :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P6 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P2 = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!  Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P2 = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P2 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P3.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     P3 = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       P3 = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "MONOLITH"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P7
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The ZLIB Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If The User Wanted DECC.
-$!
-$   IF (P2.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P2.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$     CCDEFS = CCDEFS + ",""VAXC"""
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P2.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
-$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$ ENDIF
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
-     .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P3.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P3.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P3 = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P3.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP (post UCX) was chosen
-$!
-$   IF P3.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P3.EQS."NONE"
-$   THEN
-$!
-$!    Do not use TCPIP.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Add TCP/IP type to CC definitions.
-$!
-$   CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Finish up the definition of CC.
-$!
-$ IF COMPILER .EQS. "DECC"
-$ THEN
-$   IF CCDISABLEWARNINGS .NES. ""
-$   THEN
-$     CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$   ENDIF
-$ ELSE
-$   CCDISABLEWARNINGS = ""
-$ ENDIF
-$ CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
-$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$! Show user the result
-$!
-$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$! Check if the user wanted to compile just a subset of all the programs.
-$!
-$ IF P5 .NES. ""
-$ THEN
-$   PROGRAMS = P5
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "APPS]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL /NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the saved logical name OPENSSL, if it had a value.
-$!
-$ if (f$type( __SAVE_OPENSSL) .nes. "")
-$ then
-$   IF __SAVE_OPENSSL .EQS. ""
-$   THEN
-$     DEASSIGN OPENSSL
-$   ELSE
-$     DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
-$   ENDIF
-$ endif
-$!
-$! Close any open files.
-$!
-$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
-   close objects
-$!
-$! Done
-$!
-$ RETURN
-$!
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index 01847dfad7..83c5a76700 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -617,7 +617,7 @@ int MAIN(int argc, char **argv)
                 BIO_printf (bio_err, "-ndays n           number of days before next update\n");
                 BIO_printf (bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");
                 BIO_printf (bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");
-                BIO_printf (bio_err, "-<dgst alg>     use specified digest in the request");
+                BIO_printf (bio_err, "-<dgst alg>     use specified digest in the request\n");
                 goto end;
                 }
 
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index 1c880d90ba..71e1e48ece 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -117,6 +117,7 @@
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
+#include <openssl/rand.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
 #include <openssl/x509.h>
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index b54c6f84a4..4d62a7b8ca 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -112,7 +112,7 @@ int MAIN(int argc, char **argv)
     int maciter = PKCS12_DEFAULT_ITER;
     int twopass = 0;
     int keytype = 0;
-    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int cert_pbe;
     int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
     int ret = 1;
     int macver = 1;
@@ -130,6 +130,13 @@ int MAIN(int argc, char **argv)
 
     apps_startup();
 
+#ifdef OPENSSL_FIPS
+    if (FIPS_mode())
+        cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    else
+#endif
+    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index 85526581ce..5e034a85e8 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -644,6 +644,11 @@ bad:
                 if (inrand)
                         app_RAND_load_files(inrand);
 
+                if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
+                        {
+                        newkey=DEFAULT_KEY_LENGTH;
+                        }
+
                 if (keyalg)
                         {
                         genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
@@ -652,12 +657,6 @@ bad:
                                 goto end;
                         }
         
-                if (newkey <= 0)
-                        {
-                        if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-                                newkey=DEFAULT_KEY_LENGTH;
-                        }
-
                 if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
                         {
                         BIO_printf(bio_err,"private key length is too short,\n");
@@ -1649,6 +1648,8 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type,
                                 keylen = atol(p + 1);
                                 *pkeylen = keylen;
                                 }
+                        else
+                                keylen = *pkeylen;
                         }
                 else if (p)
                         paramfile = p + 1;
diff --git a/src/lib/libssl/src/apps/s_cb.c b/src/lib/libssl/src/apps/s_cb.c
index 2cd73376df..84c3b447c2 100644
--- a/src/lib/libssl/src/apps/s_cb.c
+++ b/src/lib/libssl/src/apps/s_cb.c
@@ -237,8 +237,8 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 
                 /* If we are using DSA, we can copy the parameters from
                  * the private key */
-                
-                
+
+
                 /* Now we know that a key and cert have been set against
                  * the SSL context */
                 if (!SSL_CTX_check_private_key(ctx))
@@ -436,6 +436,8 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *
 
         if (version == SSL3_VERSION ||
             version == TLS1_VERSION ||
+            version == TLS1_1_VERSION ||
+            version == TLS1_2_VERSION ||
             version == DTLS1_VERSION ||
             version == DTLS1_BAD_VER)
                 {
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 5e60c8371b..eb8b8eef67 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -365,12 +365,14 @@ static void sc_usage(void)
         BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
         BIO_printf(bio_err," -status           - request certificate status from server\n");
         BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
-# if !defined(OPENSSL_NO_NEXTPROTONEG)
+# ifndef OPENSSL_NO_NEXTPROTONEG
         BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 # endif
 #endif
         BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#ifndef OPENSSL_NO_SRTP
         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+#endif
         BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
         BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
         }
@@ -510,7 +512,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
         }
 
 #endif
+#ifndef OPENSSL_NO_SRTP
         char *srtp_profiles = NULL;
+#endif
 
 # ifndef OPENSSL_NO_NEXTPROTONEG
 /* This the context that we pass to next_proto_cb */
@@ -544,7 +548,7 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, con
         ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
         return SSL_TLSEXT_ERR_OK;
         }
-# endif
+# endif  /* ndef OPENSSL_NO_NEXTPROTONEG */
 #endif
 
 enum
@@ -955,11 +959,13 @@ int MAIN(int argc, char **argv)
                         jpake_secret = *++argv;
                         }
 #endif
+#ifndef OPENSSL_NO_SRTP
                 else if (strcmp(*argv,"-use_srtp") == 0)
                         {
                         if (--argc < 1) goto bad;
                         srtp_profiles = *(++argv);
                         }
+#endif
                 else if (strcmp(*argv,"-keymatexport") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -1140,6 +1146,8 @@ bad:
                         BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
                 SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
                 }
+#endif
+#ifndef OPENSSL_NO_SRTP
         if (srtp_profiles != NULL)
                 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
 #endif
@@ -1905,6 +1913,10 @@ end:
                         print_stuff(bio_c_out,con,1);
                 SSL_free(con);
                 }
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+        if (next_proto.data)
+                OPENSSL_free(next_proto.data);
+#endif
         if (ctx != NULL) SSL_CTX_free(ctx);
         if (cert)
                 X509_free(cert);
@@ -1912,6 +1924,8 @@ end:
                 EVP_PKEY_free(key);
         if (pass)
                 OPENSSL_free(pass);
+        if (vpm)
+                X509_VERIFY_PARAM_free(vpm);
         if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
         if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
         if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
@@ -2076,6 +2090,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
         }
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         {
         SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s);
  
@@ -2083,6 +2098,7 @@ static void print_stuff(BIO *bio, SSL *s, int full)
                 BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n",
                            srtp_profile->name);
         }
+#endif
  
         SSL_SESSION_print(bio,SSL_get_session(s));
         if (keymatexportlabel != NULL)
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 3f9b3704c6..8198d7f065 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -556,7 +556,9 @@ static void sv_usage(void)
 # ifndef OPENSSL_NO_NEXTPROTONEG
         BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 # endif
+# ifndef OPENSSL_NO_SRTP
         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+# endif
 #endif
         BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
         BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
@@ -923,7 +925,9 @@ static char *jpake_secret = NULL;
 #ifndef OPENSSL_NO_SRP
         static srpsrvparm srp_callback_parm;
 #endif
+#ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
+#endif
 
 int MAIN(int argc, char *argv[])
         {
@@ -1206,13 +1210,13 @@ int MAIN(int argc, char *argv[])
                         {
                         if (--argc < 1) goto bad;
                         srp_verifier_file = *(++argv);
-                        meth=TLSv1_server_method();
+                        meth = TLSv1_server_method();
                         }
                 else if (strcmp(*argv, "-srpuserseed") == 0)
                         {
                         if (--argc < 1) goto bad;
                         srpuserseed = *(++argv);
-                        meth=TLSv1_server_method();
+                        meth = TLSv1_server_method();
                         }
 #endif
                 else if (strcmp(*argv,"-www") == 0)
@@ -1319,11 +1323,13 @@ int MAIN(int argc, char *argv[])
                         jpake_secret = *(++argv);
                         }
 #endif
+#ifndef OPENSSL_NO_SRTP
                 else if (strcmp(*argv,"-use_srtp") == 0)
                         {
                         if (--argc < 1) goto bad;
                         srtp_profiles = *(++argv);
                         }
+#endif
                 else if (strcmp(*argv,"-keymatexport") == 0)
                         {
                         if (--argc < 1) goto bad;
@@ -1431,25 +1437,24 @@ bad:
                                 goto end;
                                 }
                         }
-
-# ifndef OPENSSL_NO_NEXTPROTONEG
-                if (next_proto_neg_in)
-                        {
-                        unsigned short len;
-                        next_proto.data = next_protos_parse(&len,
-                                next_proto_neg_in);
-                        if (next_proto.data == NULL)
-                                goto end;
-                        next_proto.len = len;
-                        }
-                else
-                        {
-                        next_proto.data = NULL;
-                        }
-# endif
 #endif
                 }
 
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) 
+        if (next_proto_neg_in)
+                {
+                unsigned short len;
+                next_proto.data = next_protos_parse(&len, next_proto_neg_in);
+                if (next_proto.data == NULL)
+                        goto end;
+                next_proto.len = len;
+                }
+        else
+                {
+                next_proto.data = NULL;
+                }
+#endif
+
 
         if (s_dcert_file)
                 {
@@ -1550,8 +1555,10 @@ bad:
         else
                 SSL_CTX_sess_set_cache_size(ctx,128);
 
+#ifndef OPENSSL_NO_SRTP
         if (srtp_profiles != NULL)
                 SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles);
+#endif
 
 #if 0
         if (cipher == NULL) cipher=getenv("SSL_CIPHER");
@@ -1730,7 +1737,7 @@ bad:
                 }
 #endif
         
-        if (!set_cert_key_stuff(ctx,s_cert,s_key))
+        if (!set_cert_key_stuff(ctx, s_cert, s_key))
                 goto end;
 #ifndef OPENSSL_NO_TLSEXT
         if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
@@ -1738,7 +1745,7 @@ bad:
 #endif
         if (s_dcert != NULL)
                 {
-                if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
+                if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
                         goto end;
                 }
 
@@ -1893,7 +1900,15 @@ end:
                 OPENSSL_free(pass);
         if (dpass)
                 OPENSSL_free(dpass);
+        if (vpm)
+                X509_VERIFY_PARAM_free(vpm);
 #ifndef OPENSSL_NO_TLSEXT
+        if (tlscstatp.host)
+                OPENSSL_free(tlscstatp.host);
+        if (tlscstatp.port)
+                OPENSSL_free(tlscstatp.port);
+        if (tlscstatp.path)
+                OPENSSL_free(tlscstatp.path);
         if (ctx2 != NULL) SSL_CTX_free(ctx2);
         if (s_cert2)
                 X509_free(s_cert2);
@@ -2433,6 +2448,7 @@ static int init_ssl_connection(SSL *con)
                 BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
         str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
         BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
+
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
         SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
         if (next_proto_neg)
@@ -2442,6 +2458,7 @@ static int init_ssl_connection(SSL *con)
                 BIO_printf(bio_s_out, "\n");
                 }
 #endif
+#ifndef OPENSSL_NO_SRTP
         {
         SRTP_PROTECTION_PROFILE *srtp_profile
           = SSL_get_selected_srtp_profile(con);
@@ -2450,6 +2467,7 @@ static int init_ssl_connection(SSL *con)
                 BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n",
                            srtp_profile->name);
         }
+#endif
         if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n");
         if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
                 TLS1_FLAGS_TLS_PADDING_BUG)
@@ -2701,6 +2719,11 @@ static int www_body(char *hostname, int s, unsigned char *context)
                                 }
                         BIO_puts(io,"\n");
 
+                        BIO_printf(io,
+                                "Secure Renegotiation IS%s supported\n",
+                                SSL_get_secure_renegotiation_support(con) ?
+                                                        "" : " NOT");
+
                         /* The following is evil and should not really
                          * be done */
                         BIO_printf(io,"Ciphers supported in s_server binary\n");
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index 8358b12fdd..9886ca3766 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -254,7 +254,7 @@ static const char *names[ALGOR_NUM]={
   "aes-128 cbc","aes-192 cbc","aes-256 cbc",
   "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
   "evp","sha256","sha512","whirlpool",
-  "aes-128 ige","aes-192 ige","aes-256 ige","ghash"};
+  "aes-128 ige","aes-192 ige","aes-256 ige","ghash" };
 static double results[ALGOR_NUM][SIZE_NUM];
 static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
 #ifndef OPENSSL_NO_RSA
@@ -299,7 +299,7 @@ static SIGRETTYPE sig_done(int sig)
 #if defined(_WIN32)
 
 #if !defined(SIGALRM)
-#define SIGALRM
+# define SIGALRM
 #endif
 static unsigned int lapse,schlock;
 static void alarm_win32(unsigned int secs) { lapse = secs*1000; }
diff --git a/src/lib/libssl/src/apps/tsget b/src/lib/libssl/src/apps/tsget
index 482b8cae3f..c8ad4b8338 100644
--- a/src/lib/libssl/src/apps/tsget
+++ b/src/lib/libssl/src/apps/tsget
@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 # Written by Zoltan Glozik <zglozik@stones.com>.
 # Copyright (c) 2002 The OpenTSA Project.  All rights reserved.
-$::version = '$Id: tsget,v 1.2 2010/10/01 22:58:51 djm Exp $';
+$::version = '$Id: tsget,v 1.3 2014/04/13 15:25:28 miod Exp $';
 
 use strict;
 use IO::Handle;
diff --git a/src/lib/libssl/src/apps/verify.c b/src/lib/libssl/src/apps/verify.c
index b9749dcd36..893670ff41 100644
--- a/src/lib/libssl/src/apps/verify.c
+++ b/src/lib/libssl/src/apps/verify.c
@@ -222,11 +222,19 @@ int MAIN(int argc, char **argv)
                         goto end;
                 }
 
-        if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, crls, e);
+        ret = 0;
+        if (argc < 1)
+                { 
+                if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
+                        ret = -1;
+                }
         else
+                {
                 for (i=0; i<argc; i++)
-                        check(cert_ctx,argv[i], untrusted, trusted, crls, e);
-        ret=0;
+                        if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
+                                ret = -1;
+                }
+
 end:
         if (ret == 1) {
                 BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
@@ -235,13 +243,16 @@ end:
                 BIO_printf(bio_err," [-engine e]");
 #endif
                 BIO_printf(bio_err," cert1 cert2 ...\n");
+
                 BIO_printf(bio_err,"recognized usages:\n");
-                for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+                for(i = 0; i < X509_PURPOSE_get_count(); i++)
+                        {
                         X509_PURPOSE *ptmp;
                         ptmp = X509_PURPOSE_get0(i);
-                        BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
-                                                                X509_PURPOSE_get0_name(ptmp));
-                }
+                        BIO_printf(bio_err, "\t%-10s\t%s\n",
+                                   X509_PURPOSE_get0_sname(ptmp),
+                                   X509_PURPOSE_get0_name(ptmp));
+                        }
         }
         if (vpm) X509_VERIFY_PARAM_free(vpm);
         if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
@@ -249,7 +260,7 @@ end:
         sk_X509_pop_free(trusted, X509_free);
         sk_X509_CRL_pop_free(crls, X509_CRL_free);
         apps_shutdown();
-        OPENSSL_EXIT(ret);
+        OPENSSL_EXIT(ret < 0 ? 2 : ret);
         }
 
 static int check(X509_STORE *ctx, char *file,
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index e6e5e0d4e5..3863ab968d 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -288,7 +288,7 @@ int MAIN(int argc, char **argv)
                         days=atoi(*(++argv));
                         if (days == 0)
                                 {
-                                BIO_printf(STDout,"bad number of days\n");
+                                BIO_printf(bio_err,"bad number of days\n");
                                 goto bad;
                                 }
                         }
@@ -912,7 +912,7 @@ bad:
                                 }
                         else if (text == i)
                                 {
-                                X509_print_ex(out,x,nmflag, certflag);
+                                X509_print_ex(STDout,x,nmflag, certflag);
                                 }
                         else if (startdate == i)
                                 {
diff --git a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
index 48fa857d5b..34cbb5d844 100755
--- a/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aes-x86_64.pl
@@ -36,7 +36,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $verticalspin=1;        # unlike 32-bit version $verticalspin performs
                         # ~15% better on both AMD and Intel cores
diff --git a/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl b/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl
index 499f3b3f42..0dbb194b8d 100644
--- a/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libssl/src/crypto/aes/asm/aesni-x86_64.pl
@@ -172,7 +172,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $movkey = $PREFIX eq "aesni" ? "movups" : "movups";
 @_4args=$win64? ("%rcx","%rdx","%r8", "%r9") :  # Win64 order
diff --git a/src/lib/libssl/src/crypto/asn1/a_int.c b/src/lib/libssl/src/crypto/asn1/a_int.c
index ad0d2506f6..297c45a9ff 100644
--- a/src/lib/libssl/src/crypto/asn1/a_int.c
+++ b/src/lib/libssl/src/crypto/asn1/a_int.c
@@ -116,7 +116,7 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
         int pad=0,ret,i,neg;
         unsigned char *p,*n,pb=0;
 
-        if ((a == NULL) || (a->data == NULL)) return(0);
+        if (a == NULL) return(0);
         neg=a->type & V_ASN1_NEG;
         if (a->length == 0)
                 ret=1;
diff --git a/src/lib/libssl/src/crypto/asn1/a_strex.c b/src/lib/libssl/src/crypto/asn1/a_strex.c
index 264ebf2393..ead37ac325 100644
--- a/src/lib/libssl/src/crypto/asn1/a_strex.c
+++ b/src/lib/libssl/src/crypto/asn1/a_strex.c
@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
         if(mbflag == -1) return -1;
         mbflag |= MBSTRING_FLAG;
         stmp.data = NULL;
+        stmp.length = 0;
         ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
         if(ret < 0) return ret;
         *out = stmp.data;
diff --git a/src/lib/libssl/src/crypto/asn1/asn1_err.c b/src/lib/libssl/src/crypto/asn1/asn1_err.c
index 1a30bf119b..aa60203ba8 100644
--- a/src/lib/libssl/src/crypto/asn1/asn1_err.c
+++ b/src/lib/libssl/src/crypto/asn1/asn1_err.c
@@ -305,7 +305,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
 {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
+{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unknown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
index 627ec87f9f..b649e1fcf9 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -175,12 +175,15 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
         if (key->pkey)
                 {
+                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
                 EVP_PKEY_free(ret);
                 ret = key->pkey;
                 }
         else
+                {
                 key->pkey = ret;
-        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                }
         CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
         return ret;
diff --git a/src/lib/libssl/src/crypto/bio/bss_dgram.c b/src/lib/libssl/src/crypto/bio/bss_dgram.c
index 1b1e4bec81..54c012c47d 100644
--- a/src/lib/libssl/src/crypto/bio/bss_dgram.c
+++ b/src/lib/libssl/src/crypto/bio/bss_dgram.c
@@ -77,10 +77,20 @@
 #define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
 #endif
 
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
 #define IP_MTU      14 /* linux is lame */
 #endif
 
+#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead
@@ -255,7 +265,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
         {
 #if defined(SO_RCVTIMEO)
         bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-        int sz = sizeof(int);
+        union { size_t s; int i; } sz = {0};
 
         /* Is a timer active? */
         if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
@@ -265,8 +275,10 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                 /* Read current socket timeout */
 #ifdef OPENSSL_SYS_WINDOWS
                 int timeout;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                                           (void*)&timeout, &sz) < 0)
+                                           (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); }
                 else
                         {
@@ -274,9 +286,12 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                         data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
                         }
 #else
+                sz.i = sizeof(data->socket_timeout);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
                                                 &(data->socket_timeout), (void *)&sz) < 0)
                         { perror("getsockopt"); }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        OPENSSL_assert(sz.s<=sizeof(data->socket_timeout));
 #endif
 
                 /* Get current time */
@@ -445,11 +460,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         int *ip;
         struct sockaddr *to = NULL;
         bio_dgram_data *data = NULL;
-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
-        long sockopt_val = 0;
-        unsigned int sockopt_len = 0;
-#endif
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+        int sockopt_val = 0;
+        socklen_t sockopt_len;  /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
         socklen_t addr_len;
         union   {
                 struct sockaddr sa;
@@ -531,7 +545,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
                 /* (Linux)kernel sets DF bit on outgoing IP packets */
         case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -539,7 +553,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         ret = 0;
                         break;
                         }
-                sockopt_len = sizeof(sockopt_val);
                 switch (addr.sa.sa_family)
                         {
                 case AF_INET:
@@ -548,7 +561,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                 &sockopt_val, sizeof(sockopt_val))) < 0)
                                 perror("setsockopt");
                         break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
                 case AF_INET6:
                         sockopt_val = IPV6_PMTUDISC_DO;
                         if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
@@ -565,7 +578,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 break;
 #endif
         case BIO_CTRL_DGRAM_QUERY_MTU:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
                 addr_len = (socklen_t)sizeof(addr);
                 memset((void *)&addr, 0, sizeof(addr));
                 if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -727,12 +740,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -740,12 +756,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
 #if defined(SO_SNDTIMEO)
@@ -765,12 +789,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                 break;
         case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                 {
-                int timeout, sz = sizeof(timeout);
+                union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+                int timeout;
                 struct timeval *tv = (struct timeval *)ptr;
+
+                sz.i = sizeof(timeout);
                 if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                        (void*)&timeout, &sz) < 0)
+                        (void*)&timeout, &sz.i) < 0)
                         { perror("getsockopt"); ret = -1; }
                 else
                         {
@@ -778,12 +805,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                         tv->tv_usec = (timeout % 1000) * 1000;
                         ret = sizeof(*tv);
                         }
-                }
 #else
+                sz.i = sizeof(struct timeval);
                 if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-                        ptr, (void *)&ret) < 0)
+                        ptr, (void *)&sz) < 0)
                         { perror("getsockopt"); ret = -1; }
+                else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                        {
+                        OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                        ret = (int)sz.s;
+                        }
+                else
+                        ret = sz.i;
 #endif
+                }
                 break;
 #endif
         case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
@@ -871,8 +906,8 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
         memset(authchunks, 0, sizeof(sockopt_len));
         ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
         OPENSSL_assert(ret >= 0);
-        
-        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+
+        for (p = (unsigned char*) authchunks->gauth_chunks;
              p < (unsigned char*) authchunks + sockopt_len;
              p += sizeof(uint8_t))
                 {
@@ -955,7 +990,6 @@ static int dgram_sctp_free(BIO *a)
 #ifdef SCTP_AUTHENTICATION_EVENT
 void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
         {
-        unsigned int sockopt_len = 0;
         int ret;
         struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event;
 
@@ -965,9 +999,8 @@ void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
 
                 /* delete key */
                 authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
-                sockopt_len = sizeof(struct sctp_authkeyid);
                 ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
-                      &authkeyid, sockopt_len);
+                      &authkeyid, sizeof(struct sctp_authkeyid));
                 }
         }
 #endif
@@ -1164,7 +1197,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
                         ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
                         OPENSSL_assert(ii >= 0);
 
-                        for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+                        for (p = (unsigned char*) authchunks->gauth_chunks;
                                  p < (unsigned char*) authchunks + optlen;
                                  p += sizeof(uint8_t))
                                 {
@@ -1298,7 +1331,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
         {
         long ret=1;
         bio_dgram_sctp_data *data = NULL;
-        unsigned int sockopt_len = 0;
+        socklen_t sockopt_len = 0;
         struct sctp_authkeyid authkeyid;
         struct sctp_authkey *authkey;
 
diff --git a/src/lib/libssl/src/crypto/bio/bss_log.c b/src/lib/libssl/src/crypto/bio/bss_log.c
index b7dce5c1a2..2227b2b52d 100644
--- a/src/lib/libssl/src/crypto/bio/bss_log.c
+++ b/src/lib/libssl/src/crypto/bio/bss_log.c
@@ -245,7 +245,7 @@ static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
 
 static void xopenlog(BIO* bp, char* name, int level)
 {
-        if (GetVersion() < 0x80000000)
+        if (check_winnt())
                 bp->ptr = RegisterEventSourceA(NULL,name);
         else
                 bp->ptr = NULL;
diff --git a/src/lib/libssl/src/crypto/bn/bn.h b/src/lib/libssl/src/crypto/bn/bn.h
index f34248ec4f..21a1a3fe35 100644
--- a/src/lib/libssl/src/crypto/bn/bn.h
+++ b/src/lib/libssl/src/crypto/bn/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
         const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 
+void    BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
 
 #define bn_fix_top(a)           bn_check_top(a)
 
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+        } while(0)
+
 #else /* !BN_DEBUG */
 
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)           bn_correct_top(a)
+#define bn_check_size(bn, bits)
+#define bn_wcheck_size(bn, words)
 
 #endif
 
diff --git a/src/lib/libssl/src/crypto/bn/bn_div.c b/src/lib/libssl/src/crypto/bn/bn_div.c
index 52b3304293..7b2403185e 100644
--- a/src/lib/libssl/src/crypto/bn/bn_div.c
+++ b/src/lib/libssl/src/crypto/bn/bn_div.c
@@ -141,6 +141,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *
     *                                   <appro@fy.chalmers.se>
     */
+#undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divl   %4"                     \
@@ -155,6 +156,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     * Same story here, but it's 128-bit by 64-bit division. Wow!
     *                                   <appro@fy.chalmers.se>
     */
+#  undef bn_div_words
 #  define bn_div_words(n0,n1,d0)                \
         ({  asm volatile (                      \
                 "divq   %4"                     \
diff --git a/src/lib/libssl/src/crypto/bn/bn_gcd.c b/src/lib/libssl/src/crypto/bn/bn_gcd.c
index 4a352119ba..a808f53178 100644
--- a/src/lib/libssl/src/crypto/bn/bn_gcd.c
+++ b/src/lib/libssl/src/crypto/bn/bn_gcd.c
@@ -205,6 +205,7 @@ err:
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
 BIGNUM *BN_mod_inverse(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
         {
diff --git a/src/lib/libssl/src/crypto/bn/bn_lcl.h b/src/lib/libssl/src/crypto/bn/bn_lcl.h
index eecfd8cc99..817c773b65 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lcl.h
+++ b/src/lib/libssl/src/crypto/bn/bn_lcl.h
@@ -282,16 +282,23 @@ extern "C" {
 #  endif
 # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
 #  if defined(__GNUC__) && __GNUC__>=2
-#   define BN_UMULT_HIGH(a,b)   ({      \
+#   if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
+#     define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#     define BN_UMULT_LOHI(low,high,a,b) ({     \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;       })
+#   else
+#     define BN_UMULT_HIGH(a,b) ({      \
         register BN_ULONG ret;          \
         asm ("dmultu    %1,%2"          \
              : "=h"(ret)                \
              : "r"(a), "r"(b) : "l");   \
         ret;                    })
-#   define BN_UMULT_LOHI(low,high,a,b)  \
+#     define BN_UMULT_LOHI(low,high,a,b)\
         asm ("dmultu    %2,%3"          \
              : "=l"(low),"=h"(high)     \
              : "r"(a), "r"(b));
+#    endif
 #  endif
 # endif         /* cpu */
 #endif          /* OPENSSL_NO_ASM */
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index 7a5676de69..5461e6ee7d 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
                 }
         return bn_cmp_words(a,b,cl);
         }
+
+/* 
+ * Constant-time conditional swap of a and b.  
+ * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+        {
+        BN_ULONG t;
+        int i;
+
+        bn_wcheck_size(a, nwords);
+        bn_wcheck_size(b, nwords);
+
+        assert(a != b);
+        assert((condition & (condition - 1)) == 0);
+        assert(sizeof(BN_ULONG) >= sizeof(int));
+
+        condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+        t = (a->top^b->top) & condition;
+        a->top ^= t;
+        b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+        do { \
+                t = (a->d[ind] ^ b->d[ind]) & condition; \
+                a->d[ind] ^= t; \
+                b->d[ind] ^= t; \
+        } while (0)
+
+
+        switch (nwords) {
+        default:
+                for (i = 10; i < nwords; i++) 
+                        BN_CONSTTIME_SWAP(i);
+                /* Fallthrough */
+        case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
+        case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
+        case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
+        case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
+        case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
+        case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
+        case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
+        case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
+        case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
+        case 1: BN_CONSTTIME_SWAP(0);
+        }
+#undef BN_CONSTTIME_SWAP
+}
diff --git a/src/lib/libssl/src/crypto/bn/bn_nist.c b/src/lib/libssl/src/crypto/bn/bn_nist.c
index 43caee4770..e22968d4a3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_nist.c
+++ b/src/lib/libssl/src/crypto/bn/bn_nist.c
@@ -286,26 +286,25 @@ const BIGNUM *BN_get0_nist_prime_521(void)
         }
 
 
-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
+static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)
         {
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
 
 #ifdef BN_DEBUG
         OPENSSL_assert(top <= max);
 #endif
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
-        for (i = (max) - (top); i != 0; i--)
-                *_tmp1++ = (BN_ULONG) 0;
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
+        for (; i < max; i++)
+                dst[i] = 0;
         }
 
-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
         { 
         int i;
-        BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-        for (i = (top); i != 0; i--)
-                *_tmp1++ = *_tmp2++;
+
+        for (i = 0; i < top; i++)
+                dst[i] = src[i];
         }
 
 #if BN_BITS2 == 64
@@ -451,8 +450,9 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
          */
         mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
+        res   = c_d;
         res   = (BN_ULONG *)
-         (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
+         (((PTR_SIZE_INT)res&~mask) | ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_192_TOP);
         r->top = BN_NIST_192_TOP;
         bn_correct_top(r);
@@ -479,8 +479,11 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         int     top = a->top, i;
         int     carry;
         BN_ULONG *r_d, *a_d = a->d;
-        BN_ULONG buf[BN_NIST_224_TOP],
-                 c_d[BN_NIST_224_TOP],
+        union   {
+                BN_ULONG        bn[BN_NIST_224_TOP];
+                unsigned int    ui[BN_NIST_224_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+                } buf;
+        BN_ULONG c_d[BN_NIST_224_TOP],
                 *res;
         PTR_SIZE_INT mask;
         union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -519,18 +522,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* copy upper 256 bits of 448 bit number ... */
         nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
         /* ... and right shift by 32 to obtain upper 224 bits */
-        nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
+        nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
         /* truncate lower part to 224 bits too */
         r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
-        nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+        nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
 
 #if defined(NIST_INT64) && BN_BITS2!=64
         {
         NIST_INT64              acc;    /* accumulator */
         unsigned int            *rp=(unsigned int *)r_d;
-        const unsigned int      *bp=(const unsigned int *)buf;
+        const unsigned int      *bp=(const unsigned int *)buf.ui;
 
         acc  = rp[0];   acc -= bp[7-7];
                         acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
@@ -565,13 +568,13 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         {
         BN_ULONG t_d[BN_NIST_224_TOP];
 
-        nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
         carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
         carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-        nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
         carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
 #if BN_BITS2==64
@@ -606,7 +609,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
         /* otherwise it's effectively same as in BN_nist_mod_192... */
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_224_TOP);
         r->top = BN_NIST_224_TOP;
@@ -805,7 +809,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_256_TOP);
         r->top = BN_NIST_256_TOP;
@@ -1026,7 +1031,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
         mask &= 0-(PTR_SIZE_INT)carry;
-        res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+        res   = c_d;
+        res   = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d, res, BN_NIST_384_TOP);
         r->top = BN_NIST_384_TOP;
@@ -1092,7 +1098,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
         bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
         mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-        res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+        res  = t_d;
+        res  = (BN_ULONG *)(((PTR_SIZE_INT)res&~mask) |
          ((PTR_SIZE_INT)r_d&mask));
         nist_cp_bn(r_d,res,BN_NIST_521_TOP);
         r->top = BN_NIST_521_TOP;
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.c b/src/lib/libssl/src/crypto/buffer/buffer.c
index d7aa79ad7f..d4a4ce43b3 100644
--- a/src/lib/libssl/src/crypto/buffer/buffer.c
+++ b/src/lib/libssl/src/crypto/buffer/buffer.c
@@ -179,14 +179,14 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
         return(len);
         }
 
-void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
         {
         size_t i;
         if (in)
                 {
                 out += size - 1;
                 for (i = 0; i < size; i++)
-                        *in++ = *out--;
+                        *out-- = *in++;
                 }
         else
                 {
diff --git a/src/lib/libssl/src/crypto/buffer/buffer.h b/src/lib/libssl/src/crypto/buffer/buffer.h
index 178e418282..f8da32b485 100644
--- a/src/lib/libssl/src/crypto/buffer/buffer.h
+++ b/src/lib/libssl/src/crypto/buffer/buffer.h
@@ -88,7 +88,7 @@ int	BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
 char *  BUF_strdup(const char *str);
 char *  BUF_strndup(const char *str, size_t siz);
 void *  BUF_memdup(const void *data, size_t siz);
-void    BUF_reverse(unsigned char *out, unsigned char *in, size_t siz);
+void    BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
 
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
diff --git a/src/lib/libssl/src/crypto/cryptlib.c b/src/lib/libssl/src/crypto/cryptlib.c
index 766ea8cac7..0b77d8b7d0 100644
--- a/src/lib/libssl/src/crypto/cryptlib.c
+++ b/src/lib/libssl/src/crypto/cryptlib.c
@@ -504,7 +504,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
         CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
 #else
         /* For everything else, default to using the address of 'errno' */
-        CRYPTO_THREADID_set_pointer(id, &errno);
+        CRYPTO_THREADID_set_pointer(id, (void*)&errno);
 #endif
         }
 
@@ -704,6 +704,7 @@ void OPENSSL_cpuid_setup(void)
     }
     else
         vec = OPENSSL_ia32_cpuid();
+
     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference
@@ -888,7 +889,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
+    if (check_winnt() && OPENSSL_isservice() > 0)
     {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
         const TCHAR *pmsg=buf;
         ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -924,3 +925,16 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
         }
 
 void *OPENSSL_stderr(void)      { return stderr; }
+
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+        {
+        size_t i;
+        const unsigned char *a = in_a;
+        const unsigned char *b = in_b;
+        unsigned char x = 0;
+
+        for (i = 0; i < len; i++)
+                x |= a[i] ^ b[i];
+
+        return x;
+        }
diff --git a/src/lib/libssl/src/crypto/cryptlib.h b/src/lib/libssl/src/crypto/cryptlib.h
index 1761f6b668..d26f9630ea 100644
--- a/src/lib/libssl/src/crypto/cryptlib.h
+++ b/src/lib/libssl/src/crypto/cryptlib.h
@@ -100,7 +100,7 @@ extern "C" {
 
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
-void OPENSSL_showfatal(const char *,...);
+void OPENSSL_showfatal(const char *fmta,...);
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 
diff --git a/src/lib/libssl/src/crypto/crypto-lib.com b/src/lib/libssl/src/crypto/crypto-lib.com
deleted file mode 100644
index c280aa03a8..0000000000
--- a/src/lib/libssl/src/crypto/crypto-lib.com
+++ /dev/null
@@ -1,1516 +0,0 @@
-$!
-$!  CRYPTO-LIB.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!             Zoltan Arpadffy <arpadffy@polarhome.com>
-$!
-$!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
-$!  library for OpenSSL.  The "xxx" denotes the machine architecture, ALPHA,
-$!  IA64 or VAX.
-$!
-$!  It was re-written so it would try to determine what "C" compiler to use 
-$!  or you can specify which "C" compiler to use.
-$!
-$!  Specify the following as P1 to build just that part or ALL to just
-$!  build everything.
-$!
-$!      LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!      APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
-$!      ALL        To do both LIBRARY and APPS
-$!
-$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
-$!  information.
-$!
-$!  Specify which compiler at P3 to try to compile under.
-$!
-$!      VAXC       For VAX C.
-$!      DECC       For DEC C.
-$!      GNUC       For GNU C.
-$!
-$!  If you don't specify a compiler, it will try to determine which
-$!  "C" compiler to use.
-$!
-$!  P4, if defined, sets a TCP/IP library to use, through one of the following
-$!  keywords:
-$!
-$!      UCX        For UCX
-$!      TCPIP      For TCPIP (post UCX)
-$!      SOCKETSHR  For SOCKETSHR+NETLIB
-$!
-$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!  P6, if defined, sets a choice of crypto methods to compile.
-$!  WARNING: this should only be done to recompile some part of an already
-$!  fully compiled library.
-$!
-$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE)
-$!      32       Compile with /POINTER_SIZE=32 (SHORT)
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That Is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX
-$!
-$   ARCH = "VAX"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Define The Different Encryption Types.
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$!
-$ ET_WHIRLPOOL = "WHRLPOOL"
-$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = ""
-$ ENCRYPT_TYPES = "Basic,"+ -
-                  "OBJECTS,"+ -
-                  "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ -
-                  "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ -
-                  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ -
-                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
-                  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
-                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
-                  "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Define The OBJ and EXE Directories.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
-$!
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Define The CRYPTO-LIB We Are To Use.
-$!
-$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
-$!
-$! End The Library Check.
-$!
-$ ENDIF
-$!
-$! Build our options file for the application
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Define The Different Encryption "library" Strings.
-$!
-$ APPS_DES = "DES/DES,CBC3_ENC"
-$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
-$
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
-        "ebcdic,uid,o_time,o_str,o_dir,o_fips.c,o_init,fips_ers"
-$ LIB_MD2 = "md2_dgst,md2_one"
-$ LIB_MD4 = "md4_dgst,md4_one"
-$ LIB_MD5 = "md5_dgst,md5_one"
-$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512"
-$ LIB_MDC2 = "mdc2dgst,mdc2_one"
-$ LIB_HMAC = "hmac,hm_ameth,hm_pmeth"
-$ LIB_RIPEMD = "rmd_dgst,rmd_one"
-$ LIB_WHRLPOOL = "wp_dgst,wp_block"
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
-        "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
-        "enc_read,enc_writ,ofb64enc,"+ -
-        "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
-        "des_enc,fcrypt_b,"+ -
-        "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
-        "ede_cbcm_enc,des_old,des_old2,read2pwd"
-$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
-$ LIB_RC4 = "rc4_skey,rc4_enc,rc4_utl"
-$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
-$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
-$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
-$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
-$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
-        "cmll_cfb,cmll_ctr,cmll_utl"
-$ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -
-        "ccm128,xts128"
-$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
-$ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
-     LIB_BN_ASM = "bn_asm"
-$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
-        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
-        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
-        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
-        "bn_depr,bn_const,bn_x931p"
-$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
-        "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
-        "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ -
-        "ecp_nistp224,ecp_nistp256,ecp_nistp521,ecp_nistputil,"+ -
-        "ecp_oct,ec2_oct,ec_oct"
-$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
-        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
-        "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ -
-        "rsa_pmeth,rsa_crpt"
-$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
-        "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
-$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
-$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ -
-        "dh_ameth,dh_pmeth,dh_prn"
-$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
-$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
-        "dso_openssl,dso_win32,dso_vms,dso_beos"
-$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
-        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
-        "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
-        "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
-        "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ -
-        "eng_rsax,eng_rdrand"
-$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ -
-        "aes_ige,aes_wrap"
-$ LIB_BUFFER = "buffer,buf_str,buf_err"
-$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
-        "bss_mem,bss_null,bss_fd,"+ -
-        "bss_file,bss_sock,bss_conn,"+ -
-        "bf_null,bf_buff,b_print,b_dump,"+ -
-        "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
-        "bss_dgram,"+ -
-        "bf_lbuf"
-$ LIB_STACK = "stack"
-$ LIB_LHASH = "lhash,lh_stats"
-$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
-        "rand_vms"
-$ LIB_ERR = "err,err_all,err_prn"
-$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
-        "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
-        "e_rc4,e_aes,names,e_seed,"+ -
-        "e_xcbc_d,e_rc2,e_cast,e_rc5"
-$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
-        "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
-        "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
-        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
-        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
-        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
-$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,evp_fips,"+ -
-        "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5"
-$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
-        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
-        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
-        "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
-        "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
-        "x_nx509,d2i_pu,d2i_pr,i2d_pu,i2d_pr"
-$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
-        "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
-        "tasn_prn,ameth_lib,"+ -
-        "f_int,f_string,n_pkey,"+ -
-        "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ -
-        "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ -
-        "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
-$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
-        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt"
-$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
-        "x509_obj,x509_req,x509spki,x509_vfy,"+ -
-        "x509_set,x509cset,x509rset,x509_err,"+ -
-        "x509name,x509_v3,x509_ext,x509_att,"+ -
-        "x509type,x509_lu,x_all,x509_txt,"+ -
-        "x509_trs,by_file,by_dir,x509_vpm"
-$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
-        "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
-        "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
-        "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ -
-        "pcy_cache,pcy_node,pcy_data,pcy_map,pcy_tree,pcy_lib,"+ -
-        "v3_asid,v3_addr"
-$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
-$ LIB_TXT_DB = "txt_db"
-$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
-        "pk7_mime,bio_pk7"
-$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
-        "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
-        "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
-$ LIB_COMP = "comp_lib,comp_err,"+ -
-        "c_rle,c_zlib"
-$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
-        "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
-$ LIB_UI_COMPAT = ",ui_compat"
-$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
-$ LIB_KRB5 = "krb5_asn"
-$ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
-        "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -
-        "cms_pwri"
-$ LIB_PQUEUE = "pqueue"
-$ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
-        "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
-        "ts_asn1"
-$ LIB_JPAKE = "jpake,jpake_err"
-$ LIB_SRP = "srp_lib,srp_vfy"
-$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
-$ LIB_CMAC = "cmac,cm_ameth.c,cm_pmeth"
-$!
-$! Setup exceptional compilations
-$!
-$ CC3_SHOWN = 0
-$ CC4_SHOWN = 0
-$ CC5_SHOWN = 0
-$ CC6_SHOWN = 0
-$!
-$! The following lists must have leading and trailing commas, and no
-$! embedded spaces.  (They are scanned for ",name,".)
-$!
-$ ! Add definitions for no threads on OpenVMS 7.1 and higher.
-$ COMPILEWITH_CC3 = ",bss_rtcp,"
-$ ! Disable the DOLLARID warning.  Not needed with /STANDARD=RELAXED.
-$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir,"
-$ ! Disable disjoint optimization on VAX with DECC.
-$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
-                    "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
-$ ! Disable the MIXLINKAGE warning.
-$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key,"
-$!
-$! Figure Out What Other Modules We Are To Build.
-$!
-$ BUILD_SET:
-$!
-$! Define A Module Counter.
-$!
-$ MODULE_COUNTER = 0
-$!
-$! Top Of The Loop.
-$!
-$ MODULE_NEXT:
-$!
-$! Extract The Module Name From The Encryption List.
-$!
-$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
-$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
-$ MODULE_NAME1 = MODULE_NAME
-$!
-$! Check To See If We Are At The End Of The Module List.
-$!
-$ IF (MODULE_NAME.EQS.",") 
-$ THEN 
-$!
-$!  We Are At The End Of The Module List, Go To MODULE_DONE.
-$!
-$   GOTO MODULE_DONE
-$!
-$! End The Module List Check.
-$!
-$ ENDIF
-$!
-$! Increment The Moudle Counter.
-$!
-$ MODULE_COUNTER = MODULE_COUNTER + 1
-$!
-$! Create The Library and Apps Module Names.
-$!
-$ LIB_MODULE = "LIB_" + MODULE_NAME
-$ APPS_MODULE = "APPS_" + MODULE_NAME
-$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_")
-$ THEN
-$   MODULE_NAME = "ASN1"
-$ ENDIF
-$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_")
-$ THEN
-$   MODULE_NAME = "EVP"
-$ ENDIF
-$!
-$! Set state (can be LIB and APPS)
-$!
-$ STATE = "LIB"
-$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
-$!
-$! Check if the library module name actually is defined
-$!
-$ IF F$TYPE('LIB_MODULE') .EQS. ""
-$ THEN
-$   WRITE SYS$ERROR ""
-$   WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist.  Continuing..."
-$   WRITE SYS$ERROR ""
-$   GOTO MODULE_NEXT
-$ ENDIF
-$!
-$! Top Of The Module Loop.
-$!
-$ MODULE_AGAIN:
-$!
-$! Tell The User What Module We Are Building.
-$!
-$ IF (MODULE_NAME1.NES."") 
-$ THEN
-$   IF STATE .EQS. "LIB"
-$   THEN
-$     WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
-$   ELSE IF F$TYPE('APPS_MODULE') .NES. ""
-$     THEN
-$       WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$!  Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$ APPLICATION = ""
-$ APPLICATION_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! Look in the LIB_MODULE is we're in state LIB
-$!
-$ IF STATE .EQS. "LIB"
-$ THEN
-$!
-$!   O.K, Extract The File Name From The File List.
-$!
-$   FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
-$!
-$!   else
-$!
-$ ELSE
-$   FILE_NAME = ","
-$!
-$   IF F$TYPE('APPS_MODULE') .NES. ""
-$   THEN
-$!
-$!     Extract The File Name From The File List.
-$!     This part is a bit more complicated.
-$!
-$     IF APPLICATION .EQS. ""
-$     THEN
-$       APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$       APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$       APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$       APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$       FILE_COUNTER = 0
-$     ENDIF
-$
-$!     WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!     SHOW SYMBOL APPLICATION*
-$!
-$     IF APPLICATION .NES. ";"
-$     THEN
-$       FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
-$       IF FILE_NAME .EQS. ","
-$       THEN
-$         APPLICATION = ""
-$         GOTO NEXT_FILE
-$       ENDIF
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") 
-$ THEN 
-$!
-$!  We Are At The End Of The File List, Change State Or Goto FILE_DONE.
-$!
-$   IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
-$   THEN
-$     STATE = "APPS"
-$     GOTO MODULE_AGAIN
-$   ELSE
-$     GOTO FILE_DONE
-$   ENDIF
-$!
-$! End The File List Check.
-$!
-$ ENDIF
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
-$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
-$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
-        FILE_NAME = FILE_NAME + ".c"
-$ IF (MODULE_NAME.NES."")
-$ THEN
-$   SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
-$ ELSE
-$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
-$ ENDIF
-$ SOURCE_FILE = SOURCE_FILE - "]["
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Is Actually There.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Doesn't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   GOTO EXIT
-$!
-$! End The File Exist Check.
-$!
-$ ENDIF
-$!
-$! Tell The User We Are Compiling The File.
-$!
-$ IF (MODULE_NAME.EQS."")
-$ THEN
-$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,")"
-$ ENDIF
-$ IF (MODULE_NAME.NES."")
-$ THEN 
-$   WRITE SYS$OUTPUT "        ",FILE_NAME,""
-$ ENDIF
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
-$ IF FILE_NAME - ".mar" .NES. FILE_NAME
-$ THEN
-$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ELSE
-$   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
-$   THEN
-$     write sys$output "        \Using special rule (3)"
-$     if (.not. CC3_SHOWN)
-$     then
-$       CC3_SHOWN = 1
-$       x = "    "+ CC3
-$       write /symbol sys$output x
-$     endif
-$     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$   ELSE
-$     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
-$     THEN
-$       write /symbol sys$output "        \Using special rule (4)"
-$       if (.not. CC4_SHOWN)
-$       then
-$         CC4_SHOWN = 1
-$         x = "    "+ CC4
-$         write /symbol sys$output x
-$       endif
-$       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$     ELSE
-$       IF CC5_DIFFERENT .AND. -
-         (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5)
-$       THEN
-$         write sys$output "        \Using special rule (5)"
-$         if (.not. CC5_SHOWN)
-$         then
-$           CC5_SHOWN = 1
-$           x = "    "+ CC5
-$           write /symbol sys$output x
-$         endif
-$         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$       ELSE
-$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
-$         THEN
-$           write sys$output "        \Using special rule (6)"
-$           if (.not. CC6_SHOWN)
-$           then
-$             CC6_SHOWN = 1
-$             x = "    "+ CC6
-$             write /symbol sys$output x
-$           endif
-$           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ELSE
-$           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$         ENDIF
-$       ENDIF
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$ IF STATE .EQS. "LIB"
-$ THEN 
-$!
-$!   Add It To The Library.
-$!
-$   LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
-$!
-$!   Time To Clean Up The Object File.
-$!
-$   DELETE 'OBJECT_FILE';*
-$ ENDIF
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! Time To Build Some Applications
-$!
-$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
-$ THEN
-$   APPLICATION_COUNTER = 0
-$ NEXT_APPLICATION:
-$   APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
-$   IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
-$
-$   APPLICATION_COUNTER = APPLICATION_COUNTER + 1
-$   APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
-$   APPLICATION = F$ELEMENT(0,"/",APPLICATION)
-$
-$!   WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
-$!   SHOW SYMBOL APPLICATION*
-$!
-$! Tell the user what happens
-$!
-$   WRITE SYS$OUTPUT "        ",APPLICATION,".exe"
-$!
-$! Link The Program.
-$!
-$   ON ERROR THEN GOTO NEXT_APPLICATION
-$!
-$!  Link With A TCP/IP Library.
-$!
-$   LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
-     /EXE='EXE_DIR''APPLICATION'.EXE -
-     'OBJ_DIR''APPLICATION_OBJECTS', -
-     'CRYPTO_LIB'/LIBRARY -
-     'TCPIP_LIB' -
-     'ZLIB_LIB' -
-     ,'OPT_FILE' /OPTIONS
-$!
-$   GOTO NEXT_APPLICATION
-$  APPLICATION_DONE:
-$ ENDIF
-$!
-$! Go Back And Get The Next Module.
-$!
-$ GOTO MODULE_NEXT
-$!
-$! All Done With This Module.
-$!
-$ MODULE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "All Done..."
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is Blank, So Build Everything.
-$!
-$    BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$!  P2 Is NODEBUG, So Compile Without The Debugger Information.
-$!
-$   DEBUGGER = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   MACRO_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P2.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     MACRO_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$   ELSE 
-$!
-$!    They Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P5.
-$!
-$ IF (P5.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P5 Check.
-$!
-$ ENDIF
-$!
-$! Check P7 (POINTER_SIZE).
-$!
-$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P7 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       POINTER_SIZE = " /POINTER_SIZE=64"
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P7, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"       :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32       :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P7 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ -
-   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.MODES],SYS$DISK:[.ASN1],SYS$DISK:[.EVP]"
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P3 = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P3 = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P3 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     P4 = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       P4 = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P8
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The ZLIB Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$   IF (P3.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES')"+ -
-       CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P3.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-       "/INCLUDE=(''CC_INCLUDES')"+ -
-           CCEXTRAFLAGS
-$     CCDEFS = """VAXC""," + CCDEFS
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P3.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-       "/INCLUDE=(''CC_INCLUDES')"+ -
-           CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$       CC6DISABLEWARNINGS = "MIXLINKAGE"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
-$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$     CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$     CC6DISABLEWARNINGS = ""
-$   ENDIF
-$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
-$   THEN
-$     CC5 = CC + " /OPTIMIZE=NODISJOINT"
-$     CC5_DIFFERENT = 1
-$   ELSE
-$     CC5 = CC
-$     CC5_DIFFERENT = 0
-$   ENDIF
-$   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$! End The Valid Argument Check.
-$!
-$ ENDIF
-$!
-$! Build a MACRO command for the architecture at hand
-$!
-$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
-     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P4.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P4.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P4 = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P4.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P4.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P4.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Check if the user wanted to compile just a subset of all the encryption
-$! methods.
-$!
-$ IF P6 .NES. ""
-$ THEN
-$   ENCRYPT_TYPES = P6
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "CRYPTO]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the logical name OPENSSL if it had a value
-$!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
-$!
-$! Done
-$!
-$ RETURN
diff --git a/src/lib/libssl/src/crypto/crypto.h b/src/lib/libssl/src/crypto/crypto.h
index 6aeda0a9ac..f92fc5182d 100644
--- a/src/lib/libssl/src/crypto/crypto.h
+++ b/src/lib/libssl/src/crypto/crypto.h
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
                                     long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                            int line);
@@ -574,6 +574,13 @@ void OPENSSL_init(void);
 #define fips_cipher_abort(alg) while(0)
 #endif
 
+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
+ * takes an amount of time dependent on |len|, but independent of the contents
+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
+ * defined order as the return value when a != b is undefined, other than to be
+ * non-zero. */
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libssl/src/crypto/des/des-lib.com b/src/lib/libssl/src/crypto/des/des-lib.com
deleted file mode 100644
index 348f1c0470..0000000000
--- a/src/lib/libssl/src/crypto/des/des-lib.com
+++ /dev/null
@@ -1,1005 +0,0 @@
-$!
-$!  DES-LIB.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!
-$!  This command files compiles and creates the 
-$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
-$!  architecture of ALPHA, IA64 or VAX.
-$!
-$!  It was re-written to try to determine which "C" compiler to try to use
-$!  or the user can specify a compiler in P3.
-$!
-$!  Specify one of the following to build just that part, specify "ALL" to
-$!  just build everything.
-$!
-$!         ALL       To Just Build "Everything".
-$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
-$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
-$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
-$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
-$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
-$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
-$!
-$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
-$!  debugging information.
-$!
-$!  Specify which compiler at P3 to try to compile under.
-$!
-$!         VAXC  For VAX C.
-$!         DECC  For DEC C.
-$!         GNUC  For GNU C.
-$!
-$!  If you don't speficy a compiler, it will try to determine which
-$!  "C" compiler to try to use.
-$!
-$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!
-$! Make sure we know what architecture we run on.
-$!
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX
-$!
-$   ARCH := VAX
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$! Define The OBJ Directory Name.
-$!
-$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
-$!
-$! Define The EXE Directory Name.
-$!
-$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
-$!
-$! Check To See What We Are To Do.
-$!
-$ IF (BUILDALL.EQS."TRUE")
-$ THEN
-$!
-$!  Since Nothing Special Was Specified, Do Everything.
-$!
-$   GOSUB LIBRARY
-$   GOSUB DESTEST
-$   GOSUB SPEED
-$   GOSUB RPW
-$   GOSUB DES
-$   GOSUB DES_OPTS
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!    Build Just What The User Wants Us To Build.
-$!
-$     GOSUB 'BUILDALL'
-$!
-$! End The BUILDALL Check.
-$!
-$ ENDIF
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$ LIBRARY:
-$!
-$! Tell The User That We Are Compiling.
-$!
-$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
-$!
-$! End The Library Exist Check.
-$!
-$ ENDIF
-$!
-$! Define The DES Library Files.
-$!
-$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
-                "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
-                "enc_read,enc_writ,ofb64enc,"+ -
-                "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
-                "des_enc,fcrypt_b,read2pwd,"+ -
-                "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
-$!
-$!  Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
-$!
-$!  Tell The User We Are Compiling The Source File.
-$!
-$ WRITE SYS$OUTPUT "    ",FILE_NAME,".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The File Exists Check.
-$!
-$ ENDIF
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$!
-$! Add It To The Library.
-$!
-$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
-$!
-$! Time To Clean Up The Object File.
-$!
-$ DELETE 'OBJECT_FILE';*
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DESTEST Program.
-$!
-$ DESTEST:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DESTEST.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
-$!
-$! Compile The DESTEST Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
-$!
-$! Link The DESTEST Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
-      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The SPEED Program.
-$!
-$ SPEED:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The SPEED.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
-$!
-$! Compile The SPEED Program.
-$!
-$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
-$!
-$! Link The SPEED Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
-      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The RPW Program.
-$!
-$ RPW:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The RPW.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
-$!
-$! Compile The RPW Program.
-$!
-$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
-$!
-$! Link The RPW Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
-      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DES Program.
-$!
-$ DES:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DES.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
-$!
-$! Compile The DES Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
-$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
-$!
-$! Link The DES Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
-      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
-      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$!
-$!  Compile The DES_OPTS Program.
-$!
-$ DES_OPTS:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The DES_OPTS.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
-$!
-$! Compile The DES_OPTS Program.
-$!
-$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
-$!
-$! Link The DES_OPTS Program.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
-      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
-$!
-$! All Done, Time To Return.
-$!
-$ RETURN
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need An non-VAX Or A VAX Linker Option File.
-$!
-$     IF (F$GETSYI("CPU").LT.128)
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Agianst 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Library Check.
-$!
-$ LIB_CHECK:
-$!
-$!  Look For The Library LIBDES.OLB.
-$!
-$ IF (F$SEARCH(LIB_NAME).EQS."")
-$ THEN
-$!
-$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!    Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If We Are To "Just Build Everything".
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is "ALL", So Build Everything.
-$!
-$    BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
-       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
-$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
-$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
-$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
-$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
-$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Compile Without Debugger Information.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$!   P2 Is Blank, So Compile Without Debugger Information.
-$!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P2.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER  = "DEBUG"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option..
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later.
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN := ""
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P3 = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P3 = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P3 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = ""
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = ""
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
-$!
-$!  Check To See If The User Entered A Valid Paramter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$   IF (P3.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
-           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P3.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$     CCDEFS = """VAXC""," + CCDEFS
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P3.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$   ENDIF
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$! End The P3 Check.
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
diff --git a/src/lib/libssl/src/crypto/des/des.h b/src/lib/libssl/src/crypto/des/des.h
index 23c8cfc901..1eaedcbd24 100644
--- a/src/lib/libssl/src/crypto/des/des.h
+++ b/src/lib/libssl/src/crypto/des/des.h
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
+#define HEADER_NEW_DES_H
 
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES,
                                    DES_LONG (via openssl/opensslconf.h */
@@ -71,8 +71,6 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-#define des_SPtrans DES_SPtrans
-
 #ifdef  __cplusplus
 extern "C" {
 #endif
diff --git a/src/lib/libssl/src/crypto/des/des_old.h b/src/lib/libssl/src/crypto/des/des_old.h
index 8665ba4e7e..2b2c372354 100644
--- a/src/lib/libssl/src/crypto/des/des_old.h
+++ b/src/lib/libssl/src/crypto/des/des_old.h
@@ -88,8 +88,8 @@
  *
  */
 
-#ifndef HEADER_DES_OLD_H
-#define HEADER_DES_OLD_H
+#ifndef HEADER_DES_H
+#define HEADER_DES_H
 
 #include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
 
@@ -97,7 +97,7 @@
 #error DES is disabled.
 #endif
 
-#ifndef HEADER_DES_H
+#ifndef HEADER_NEW_DES_H
 #error You must include des.h, not des_old.h directly.
 #endif
 
diff --git a/src/lib/libssl/src/crypto/des/set_key.c b/src/lib/libssl/src/crypto/des/set_key.c
index d3e69ca8b5..da4d62e112 100644
--- a/src/lib/libssl/src/crypto/des/set_key.c
+++ b/src/lib/libssl/src/crypto/des/set_key.c
@@ -63,9 +63,8 @@
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
-#include "des_locl.h"
-
 #include <openssl/crypto.h>
+#include "des_locl.h"
 
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)   /* defaults to false */
 
diff --git a/src/lib/libssl/src/crypto/des/str2key.c b/src/lib/libssl/src/crypto/des/str2key.c
index 9c2054bda6..1077f99d1b 100644
--- a/src/lib/libssl/src/crypto/des/str2key.c
+++ b/src/lib/libssl/src/crypto/des/str2key.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
 #include <openssl/crypto.h>
+#include "des_locl.h"
 
 void DES_string_to_key(const char *str, DES_cblock *key)
         {
diff --git a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
index e21b9f6dbc..5f351b318d 100644
--- a/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
+++ b/src/lib/libssl/src/crypto/dso/dso_dlfcn.c
@@ -86,7 +86,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
      (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && (!defined(__ELF__) || !defined(RTLD_SELF))) || \
+     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
         defined(__ANDROID__)
 #  undef HAVE_DLINFO
 # endif
diff --git a/src/lib/libssl/src/crypto/ec/ec.h b/src/lib/libssl/src/crypto/ec/ec.h
index 9d01325af3..dfe8710d33 100644
--- a/src/lib/libssl/src/crypto/ec/ec.h
+++ b/src/lib/libssl/src/crypto/ec/ec.h
@@ -274,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
@@ -626,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
@@ -800,16 +800,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
 /* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *, 
+void *EC_KEY_get_key_method_data(EC_KEY *key, 
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+/** Sets the key method data of an EC_KEY object, if none has yet been set.
+ *  \param  key              EC_KEY object
+ *  \param  data             opaque data to install.
+ *  \param  dup_func         a function that duplicates |data|.
+ *  \param  free_func        a function that frees |data|.
+ *  \param  clear_free_func  a function that wipes and frees |data|.
+ *  \return the previously set data pointer, or NULL if |data| was inserted.
+ */
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
         void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.
diff --git a/src/lib/libssl/src/crypto/ec/ec_lib.c b/src/lib/libssl/src/crypto/ec/ec_lib.c
index 25247b5803..de9a0cc2b3 100644
--- a/src/lib/libssl/src/crypto/ec/ec_lib.c
+++ b/src/lib/libssl/src/crypto/ec/ec_lib.c
@@ -480,10 +480,10 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
         if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
             EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
                 return 1;
-        /* compare the curve name (if present) */
+        /* compare the curve name (if present in both) */
         if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-            EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
-                return 0;
+            EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+                return 1;
 
         if (!ctx)
                 ctx_new = ctx = BN_CTX_new();
@@ -993,12 +993,12 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
         if (group->meth->point_cmp == 0)
                 {
                 ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
+                return -1;
                 }
         if ((group->meth != a->meth) || (a->meth != b->meth))
                 {
                 ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
+                return -1;
                 }
         return group->meth->point_cmp(group, a, b, ctx);
         }
diff --git a/src/lib/libssl/src/crypto/ec/ecp_mont.c b/src/lib/libssl/src/crypto/ec/ecp_mont.c
index 079e47431b..f04f132c7a 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_mont.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_mont.c
@@ -114,7 +114,6 @@ const EC_METHOD *EC_GFp_mont_method(void)
                 ec_GFp_mont_field_decode,
                 ec_GFp_mont_field_set_to_one };
 
-
         return &ret;
 #endif
         }
diff --git a/src/lib/libssl/src/crypto/ec/ectest.c b/src/lib/libssl/src/crypto/ec/ectest.c
index f107782de0..102eaa9b23 100644
--- a/src/lib/libssl/src/crypto/ec/ectest.c
+++ b/src/lib/libssl/src/crypto/ec/ectest.c
@@ -236,7 +236,7 @@ static void group_order_tests(EC_GROUP *group)
         }
 
 static void prime_field_tests(void)
-        {       
+        {
         BN_CTX *ctx = NULL;
         BIGNUM *p, *a, *b;
         EC_GROUP *group;
diff --git a/src/lib/libssl/src/crypto/ecdh/Makefile b/src/lib/libssl/src/crypto/ecdh/Makefile
index 65d8904ee8..ba05fea05c 100644
--- a/src/lib/libssl/src/crypto/ecdh/Makefile
+++ b/src/lib/libssl/src/crypto/ecdh/Makefile
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
diff --git a/src/lib/libssl/src/crypto/engine/eng_all.c b/src/lib/libssl/src/crypto/engine/eng_all.c
index 0ae5d672b1..6093376df4 100644
--- a/src/lib/libssl/src/crypto/engine/eng_all.c
+++ b/src/lib/libssl/src/crypto/engine/eng_all.c
@@ -73,7 +73,6 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
         ENGINE_load_cryptodev();
 #endif
-
 #ifndef OPENSSL_NO_RSAX
         ENGINE_load_rsax();
 #endif
diff --git a/src/lib/libssl/src/crypto/engine/eng_list.c b/src/lib/libssl/src/crypto/engine/eng_list.c
index 27846edb1e..95c858960b 100644
--- a/src/lib/libssl/src/crypto/engine/eng_list.c
+++ b/src/lib/libssl/src/crypto/engine/eng_list.c
@@ -408,6 +408,7 @@ ENGINE *ENGINE_by_id(const char *id)
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
                                         load_dir, 0) ||
+                                !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
                                 !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
                                 goto notfound;
                 return iterator;
diff --git a/src/lib/libssl/src/crypto/err/err_all.c b/src/lib/libssl/src/crypto/err/err_all.c
index bd8946d8ba..8eb547d98d 100644
--- a/src/lib/libssl/src/crypto/err/err_all.c
+++ b/src/lib/libssl/src/crypto/err/err_all.c
@@ -64,7 +64,9 @@
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -95,6 +97,9 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -102,11 +107,6 @@
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
-#include <openssl/comp.h>
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
 
 void ERR_load_crypto_strings(void)
         {
@@ -130,7 +130,9 @@ void ERR_load_crypto_strings(void)
         ERR_load_ASN1_strings();
         ERR_load_CONF_strings();
         ERR_load_CRYPTO_strings();
+#ifndef OPENSSL_NO_COMP
         ERR_load_COMP_strings();
+#endif
 #ifndef OPENSSL_NO_EC
         ERR_load_EC_strings();
 #endif
@@ -153,15 +155,14 @@ void ERR_load_crypto_strings(void)
 #endif
         ERR_load_OCSP_strings();
         ERR_load_UI_strings();
+#ifdef OPENSSL_FIPS
+        ERR_load_FIPS_strings();
+#endif
 #ifndef OPENSSL_NO_CMS
         ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_JPAKE
         ERR_load_JPAKE_strings();
 #endif
-        ERR_load_COMP_strings();
-#endif
-#ifdef OPENSSL_FIPS
-        ERR_load_FIPS_strings();
 #endif
         }
diff --git a/src/lib/libssl/src/crypto/evp/Makefile b/src/lib/libssl/src/crypto/evp/Makefile
index 0fe1b96bff..0447b442bc 100644
--- a/src/lib/libssl/src/crypto/evp/Makefile
+++ b/src/lib/libssl/src/crypto/evp/Makefile
@@ -67,7 +67,7 @@ files:
 links:
         @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
         @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-        cp $(TESTDATA) ../../test
+        @[ -f $(TESTDATA) ] && cp $(TESTDATA) ../../test && echo "$(TESTDATA) -> ../../test/$(TESTDATA)"
         @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
@@ -356,6 +356,20 @@ evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -437,28 +451,22 @@ evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
 m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss.o: ../cryptlib.h m_dss.c
 m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss1.o: ../cryptlib.h m_dss1.c
 m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -563,16 +571,13 @@ m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
 m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha1.o: ../cryptlib.h m_sha1.c
 m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
 m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
diff --git a/src/lib/libssl/src/crypto/evp/bio_b64.c b/src/lib/libssl/src/crypto/evp/bio_b64.c
index 72a2a67277..ac6d441aad 100644
--- a/src/lib/libssl/src/crypto/evp/bio_b64.c
+++ b/src/lib/libssl/src/crypto/evp/bio_b64.c
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
                                 }
 
                         /* we fell off the end without starting */
-                        if (j == i)
+                        if ((j == i) && (num == 0))
                                 {
                                 /* Is this is one long chunk?, if so, keep on
                                  * reading until a new line. */
diff --git a/src/lib/libssl/src/crypto/evp/digest.c b/src/lib/libssl/src/crypto/evp/digest.c
index 467e6b5ae9..d14e8e48d5 100644
--- a/src/lib/libssl/src/crypto/evp/digest.c
+++ b/src/lib/libssl/src/crypto/evp/digest.c
@@ -267,6 +267,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
         return FIPS_digestfinal(ctx, md, size);
 #else
         int ret;
+
         OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
         ret=ctx->digest->final(ctx,md);
         if (size != NULL)
@@ -365,8 +366,11 @@ int EVP_Digest(const void *data, size_t count,
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
         {
-        EVP_MD_CTX_cleanup(ctx);
-        OPENSSL_free(ctx);
+        if (ctx)
+                {
+                EVP_MD_CTX_cleanup(ctx);
+                OPENSSL_free(ctx);
+                }
         }
 
 /* This call frees resources associated with the context */
diff --git a/src/lib/libssl/src/crypto/evp/e_aes.c b/src/lib/libssl/src/crypto/evp/e_aes.c
index 1e4af0cb75..c7869b69ef 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes.c
@@ -842,7 +842,10 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         gctx->ctr = NULL;
                         break;
                         }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
                 CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
 #ifdef AES_CTR_ASM
@@ -969,8 +972,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
         if (!gctx->iv_set)
                 return -1;
-        if (!ctx->encrypt && gctx->taglen < 0)
-                return -1;
         if (in)
                 {
                 if (out == NULL)
@@ -1012,6 +1013,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 {
                 if (!ctx->encrypt)
                         {
+                        if (gctx->taglen < 0)
+                                return -1;
                         if (CRYPTO_gcm128_finish(&gctx->gcm,
                                         ctx->buf, gctx->taglen) != 0)
                                 return -1;
@@ -1083,14 +1086,17 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         xctx->xts.block1 = (block128_f)vpaes_decrypt;
                         }
 
-                vpaes_set_encrypt_key(key + ctx->key_len/2,
+                    vpaes_set_encrypt_key(key + ctx->key_len/2,
                                                 ctx->key_len * 4, &xctx->ks2);
-                xctx->xts.block2 = (block128_f)vpaes_encrypt;
+                    xctx->xts.block2 = (block128_f)vpaes_encrypt;
 
-                xctx->xts.key1 = &xctx->ks1;
-                break;
-                }
+                    xctx->xts.key1 = &xctx->ks1;
+                    break;
+                    }
+                else
 #endif
+                (void)0;        /* terminate potentially open 'else' */
+
                 if (enc)
                         {
                         AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
@@ -1217,6 +1223,7 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                         vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
                         CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
                                         &cctx->ks, (block128_f)vpaes_encrypt);
+                        cctx->str = NULL;
                         cctx->key_set = 1;
                         break;
                         }
diff --git a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
index 483e04b605..fb2c884a78 100644
--- a/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 
                                 if (res!=SHA_CBLOCK) continue;
 
-                                mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
+                                /* j is not incremented yet */
+                                mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
                                 data->u[SHA_LBLOCK-1] |= bitlen&mask;
                                 sha1_block_data_order(&key->md,data,1);
-                                mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
+                                mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
                                 pmac->u[0] |= key->md.h0 & mask;
                                 pmac->u[1] |= key->md.h1 & mask;
                                 pmac->u[2] |= key->md.h2 & mask;
diff --git a/src/lib/libssl/src/crypto/evp/e_des3.c b/src/lib/libssl/src/crypto/evp/e_des3.c
index 1e69972662..8d7b7de292 100644
--- a/src/lib/libssl/src/crypto/evp/e_des3.c
+++ b/src/lib/libssl/src/crypto/evp/e_des3.c
@@ -101,7 +101,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -132,7 +132,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         printf("\n");
         }
 #endif    /* KSSL_DEBUG */
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
                              &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
@@ -151,7 +151,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                               const unsigned char *in, size_t inl)
 {
-        if (inl>=EVP_MAXCHUNK)
+        while (inl>=EVP_MAXCHUNK)
                 {
                 DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, 
                                &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
diff --git a/src/lib/libssl/src/crypto/evp/evp.h b/src/lib/libssl/src/crypto/evp/evp.h
index 3b1fa87576..faeb3c24e6 100644
--- a/src/lib/libssl/src/crypto/evp/evp.h
+++ b/src/lib/libssl/src/crypto/evp/evp.h
@@ -788,8 +788,8 @@ const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
 const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
@@ -799,8 +799,8 @@ const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -809,8 +809,8 @@ const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
-const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
 const EVP_CIPHER *EVP_aes_256_xts(void);
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
@@ -1242,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
         int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                         const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1256,6 +1258,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_AES_INIT_KEY                               133
 #define EVP_F_AES_XTS                                    172
 #define EVP_F_AES_XTS_CIPHER                             175
+#define EVP_F_ALG_MODULE_INIT                            177
 #define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_CMAC_INIT                                  173
 #define EVP_F_D2I_PKEY                                   100
@@ -1349,15 +1352,19 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DIFFERENT_PARAMETERS                       153
 #define EVP_R_DISABLED_FOR_FIPS                          163
 #define EVP_R_ENCODE_ERROR                               115
+#define EVP_R_ERROR_LOADING_SECTION                      165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                    166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                      141
 #define EVP_R_EXPECTING_A_EC_KEY                         142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
 #define EVP_R_INVALID_DIGEST                             152
+#define EVP_R_INVALID_FIPS_MODE                          168
 #define EVP_R_INVALID_KEY_LENGTH                         130
 #define EVP_R_INVALID_OPERATION                          148
 #define EVP_R_IV_TOO_LARGE                               102
@@ -1382,6 +1389,7 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_TOO_LARGE                                  164
 #define EVP_R_UNKNOWN_CIPHER                             160
 #define EVP_R_UNKNOWN_DIGEST                             161
+#define EVP_R_UNKNOWN_OPTION                             169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS                135
 #define EVP_R_UNSUPPORTED_ALGORITHM                      156
diff --git a/src/lib/libssl/src/crypto/evp/evp_err.c b/src/lib/libssl/src/crypto/evp/evp_err.c
index db0f76d59b..08eab9882f 100644
--- a/src/lib/libssl/src/crypto/evp/evp_err.c
+++ b/src/lib/libssl/src/crypto/evp/evp_err.c
@@ -75,6 +75,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
 {ERR_FUNC(EVP_F_AES_XTS),       "AES_XTS"},
 {ERR_FUNC(EVP_F_AES_XTS_CIPHER),        "AES_XTS_CIPHER"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT),       "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_CMAC_INIT),     "CMAC_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
@@ -171,15 +172,19 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
 {ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
@@ -204,6 +209,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},
diff --git a/src/lib/libssl/src/crypto/evp/m_dss.c b/src/lib/libssl/src/crypto/evp/m_dss.c
index 4ad63ada6f..6fb7e9a861 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss.c
@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/m_dss1.c b/src/lib/libssl/src/crypto/evp/m_dss1.c
index f80170efeb..2df362a670 100644
--- a/src/lib/libssl/src/crypto/evp/m_dss1.c
+++ b/src/lib/libssl/src/crypto/evp/m_dss1.c
@@ -63,7 +63,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/m_sha1.c b/src/lib/libssl/src/crypto/evp/m_sha1.c
index 3cb11f1ebb..bd0c01ad3c 100644
--- a/src/lib/libssl/src/crypto/evp/m_sha1.c
+++ b/src/lib/libssl/src/crypto/evp/m_sha1.c
@@ -65,7 +65,7 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
diff --git a/src/lib/libssl/src/crypto/evp/p5_crpt2.c b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
index 975d004df4..fe3c6c8813 100644
--- a/src/lib/libssl/src/crypto/evp/p5_crpt2.c
+++ b/src/lib/libssl/src/crypto/evp/p5_crpt2.c
@@ -85,19 +85,24 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
         unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
         int cplen, j, k, tkeylen, mdlen;
         unsigned long i = 1;
-        HMAC_CTX hctx;
+        HMAC_CTX hctx_tpl, hctx;
 
         mdlen = EVP_MD_size(digest);
         if (mdlen < 0)
                 return 0;
 
-        HMAC_CTX_init(&hctx);
+        HMAC_CTX_init(&hctx_tpl);
         p = out;
         tkeylen = keylen;
         if(!pass)
                 passlen = 0;
         else if(passlen == -1)
                 passlen = strlen(pass);
+        if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL))
+                {
+                HMAC_CTX_cleanup(&hctx_tpl);
+                return 0;
+                }
         while(tkeylen)
                 {
                 if(tkeylen > mdlen)
@@ -111,19 +116,36 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 itmp[1] = (unsigned char)((i >> 16) & 0xff);
                 itmp[2] = (unsigned char)((i >> 8) & 0xff);
                 itmp[3] = (unsigned char)(i & 0xff);
-                if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
-                        || !HMAC_Update(&hctx, salt, saltlen)
-                        || !HMAC_Update(&hctx, itmp, 4)
-                        || !HMAC_Final(&hctx, digtmp, NULL))
+                if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
                         {
+                        HMAC_CTX_cleanup(&hctx_tpl);
+                        return 0;
+                        }
+                if (!HMAC_Update(&hctx, salt, saltlen)
+                    || !HMAC_Update(&hctx, itmp, 4)
+                    || !HMAC_Final(&hctx, digtmp, NULL))
+                        {
+                        HMAC_CTX_cleanup(&hctx_tpl);
                         HMAC_CTX_cleanup(&hctx);
                         return 0;
                         }
+                HMAC_CTX_cleanup(&hctx);
                 memcpy(p, digtmp, cplen);
                 for(j = 1; j < iter; j++)
                         {
-                        HMAC(digest, pass, passlen,
-                                 digtmp, mdlen, digtmp, NULL);
+                        if (!HMAC_CTX_copy(&hctx, &hctx_tpl))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                return 0;
+                                }
+                        if (!HMAC_Update(&hctx, digtmp, mdlen)
+                            || !HMAC_Final(&hctx, digtmp, NULL))
+                                {
+                                HMAC_CTX_cleanup(&hctx_tpl);
+                                HMAC_CTX_cleanup(&hctx);
+                                return 0;
+                                }
+                        HMAC_CTX_cleanup(&hctx);
                         for(k = 0; k < cplen; k++)
                                 p[k] ^= digtmp[k];
                         }
@@ -131,7 +153,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                 i++;
                 p+= cplen;
                 }
-        HMAC_CTX_cleanup(&hctx);
+        HMAC_CTX_cleanup(&hctx_tpl);
 #ifdef DEBUG_PKCS5V2
         fprintf(stderr, "Password:\n");
         h__dump (pass, passlen);
diff --git a/src/lib/libssl/src/crypto/evp/p_sign.c b/src/lib/libssl/src/crypto/evp/p_sign.c
index dfa48c157c..8afb664306 100644
--- a/src/lib/libssl/src/crypto/evp/p_sign.c
+++ b/src/lib/libssl/src/crypto/evp/p_sign.c
@@ -80,7 +80,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=0,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libssl/src/crypto/evp/p_verify.c b/src/lib/libssl/src/crypto/evp/p_verify.c
index 5f5c409f45..c66d63ccf8 100644
--- a/src/lib/libssl/src/crypto/evp/p_verify.c
+++ b/src/lib/libssl/src/crypto/evp/p_verify.c
@@ -67,7 +67,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
         {
         unsigned char m[EVP_MAX_MD_SIZE];
         unsigned int m_len;
-        int i=-1,ok=0,v;
+        int i = 0,ok = 0,v;
         EVP_MD_CTX tmp_ctx;
         EVP_PKEY_CTX *pkctx = NULL;
 
diff --git a/src/lib/libssl/src/crypto/install-crypto.com b/src/lib/libssl/src/crypto/install-crypto.com
deleted file mode 100755
index 85b3d583cf..0000000000
--- a/src/lib/libssl/src/crypto/install-crypto.com
+++ /dev/null
@@ -1,196 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1  root of the directory tree
-$! P2  "64" for 64-bit pointers.
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if (p1 .eqs. "")
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "It should be the directory where you want things installed."
-$     exit
-$ endif
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$ lib32 = "32"
-$ shr = "_SHR32"
-$!
-$ if (p2 .nes. "")
-$ then
-$   if (p2 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$     lib32 = ""
-$     shr = "_SHR"
-$   else
-$     if (p2 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
-$ root_dev = f$parse( root, , , "device", "syntax_only")
-$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$!
-$ define /nolog wrk_sslroot 'root'.] /trans=conc
-$ define /nolog wrk_sslinclude wrk_sslroot:[include]
-$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
-$!
-$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse("wrk_sslinclude:") .eqs. "" then -
-   create /directory /log wrk_sslinclude:
-$ if f$parse("wrk_sslxlib:") .eqs. "" then -
-   create /directory /log wrk_sslxlib:
-$!
-$ sdirs := , -
-   'archd', -
-   objects, -
-   md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
-   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
-   bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
-   buffer, bio, stack, lhash, rand, err, -
-   evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
-   ui, krb5, -
-   store, cms, pqueue, ts, jpake
-$!
-$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
-$ exheader_'archd' := opensslconf.h
-$ exheader_objects := objects.h, obj_mac.h
-$ exheader_md2 := md2.h
-$ exheader_md4 := md4.h
-$ exheader_md5 := md5.h
-$ exheader_sha := sha.h
-$ exheader_mdc2 := mdc2.h
-$ exheader_hmac := hmac.h
-$ exheader_ripemd := ripemd.h
-$ exheader_whrlpool := whrlpool.h
-$ exheader_des := des.h, des_old.h
-$ exheader_aes := aes.h
-$ exheader_rc2 := rc2.h
-$ exheader_rc4 := rc4.h
-$ exheader_rc5 := rc5.h
-$ exheader_idea := idea.h
-$ exheader_bf := blowfish.h
-$ exheader_cast := cast.h
-$ exheader_camellia := camellia.h
-$ exheader_seed := seed.h
-$ exheader_modes := modes.h
-$ exheader_bn := bn.h
-$ exheader_ec := ec.h
-$ exheader_rsa := rsa.h
-$ exheader_dsa := dsa.h
-$ exheader_ecdsa := ecdsa.h
-$ exheader_dh := dh.h
-$ exheader_ecdh := ecdh.h
-$ exheader_dso := dso.h
-$ exheader_engine := engine.h
-$ exheader_buffer := buffer.h
-$ exheader_bio := bio.h
-$ exheader_stack := stack.h, safestack.h
-$ exheader_lhash := lhash.h
-$ exheader_rand := rand.h
-$ exheader_err := err.h
-$ exheader_evp := evp.h
-$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h
-$ exheader_pem := pem.h, pem2.h
-$ exheader_x509 := x509.h, x509_vfy.h
-$ exheader_x509v3 := x509v3.h
-$ exheader_conf := conf.h, conf_api.h
-$ exheader_txt_db := txt_db.h
-$ exheader_pkcs7 := pkcs7.h
-$ exheader_pkcs12 := pkcs12.h
-$ exheader_comp := comp.h
-$ exheader_ocsp := ocsp.h
-$ exheader_ui := ui.h, ui_compat.h
-$ exheader_krb5 := krb5_asn.h
-$! exheader_store := store.h, str_compat.h
-$ exheader_store := store.h
-$ exheader_cms := cms.h
-$ exheader_pqueue := pqueue.h
-$ exheader_ts := ts.h
-$ exheader_jpake := jpake.h
-$ libs := ssl_libcrypto
-$!
-$ exe_dir := [-.'archd'.exe.crypto]
-$!
-$! Header files.
-$!
-$ i = 0
-$ loop_sdirs: 
-$   d = f$edit( f$element( i, ",", sdirs), "trim")
-$   i = i + 1
-$   if d .eqs. "," then goto loop_sdirs_end
-$   tmp = exheader_'d'
-$   if (d .nes. "") then d = "."+ d
-$   copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log
-$ goto loop_sdirs
-$ loop_sdirs_end:
-$!
-$! Object libraries, shareable images.
-$!
-$ i = 0
-$ loop_lib: 
-$   e = f$edit( f$element( i, ",", libs), "trim")
-$   i = i + 1
-$   if e .eqs. "," then goto loop_lib_end
-$   set noon
-$   file = exe_dir+ e+ lib32+ ".olb"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$!
-$   file = exe_dir+ e+ shr+ ".exe"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$   set on
-$ goto loop_lib
-$ loop_lib_end:
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslinclude
-$ call deass wrk_sslxlib
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libssl/src/crypto/install.com b/src/lib/libssl/src/crypto/install.com
deleted file mode 100644
index ad3e4d48c7..0000000000
--- a/src/lib/libssl/src/crypto/install.com
+++ /dev/null
@@ -1,155 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1   root of the directory tree
-$!
-$       IF P1 .EQS. ""
-$       THEN
-$           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT -
-                  "It should be the directory where you want things installed."
-$           EXIT
-$       ENDIF
-$
-$       IF (F$GETSYI("CPU").LT.128)
-$       THEN
-$           ARCH := VAX
-$       ELSE
-$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$       ENDIF
-$
-$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLLIB:
-$       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLINCLUDE:
-$
-$       SDIRS := ,-
-                 _'ARCH',-
-                 OBJECTS,-
-                 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-                 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
-                 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
-                 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
-                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
-                 UI,KRB5,-
-                 STORE,CMS,PQUEUE,TS,JPAKE
-$       EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-$       EXHEADER__'ARCH' := opensslconf.h
-$       EXHEADER_OBJECTS := objects.h,obj_mac.h
-$       EXHEADER_MD2 := md2.h
-$       EXHEADER_MD4 := md4.h
-$       EXHEADER_MD5 := md5.h
-$       EXHEADER_SHA := sha.h
-$       EXHEADER_MDC2 := mdc2.h
-$       EXHEADER_HMAC := hmac.h
-$       EXHEADER_RIPEMD := ripemd.h
-$       EXHEADER_WHRLPOOL := whrlpool.h
-$       EXHEADER_DES := des.h,des_old.h
-$       EXHEADER_AES := aes.h
-$       EXHEADER_RC2 := rc2.h
-$       EXHEADER_RC4 := rc4.h
-$       EXHEADER_RC5 := rc5.h
-$       EXHEADER_IDEA := idea.h
-$       EXHEADER_BF := blowfish.h
-$       EXHEADER_CAST := cast.h
-$       EXHEADER_CAMELLIA := camellia.h
-$       EXHEADER_SEED := seed.h
-$       EXHEADER_MODES := modes.h
-$       EXHEADER_BN := bn.h
-$       EXHEADER_EC := ec.h
-$       EXHEADER_RSA := rsa.h
-$       EXHEADER_DSA := dsa.h
-$       EXHEADER_ECDSA := ecdsa.h
-$       EXHEADER_DH := dh.h
-$       EXHEADER_ECDH := ecdh.h
-$       EXHEADER_DSO := dso.h
-$       EXHEADER_ENGINE := engine.h
-$       EXHEADER_BUFFER := buffer.h
-$       EXHEADER_BIO := bio.h
-$       EXHEADER_STACK := stack.h,safestack.h
-$       EXHEADER_LHASH := lhash.h
-$       EXHEADER_RAND := rand.h
-$       EXHEADER_ERR := err.h
-$       EXHEADER_EVP := evp.h
-$       EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
-$       EXHEADER_PEM := pem.h,pem2.h
-$       EXHEADER_X509 := x509.h,x509_vfy.h
-$       EXHEADER_X509V3 := x509v3.h
-$       EXHEADER_CONF := conf.h,conf_api.h
-$       EXHEADER_TXT_DB := txt_db.h
-$       EXHEADER_PKCS7 := pkcs7.h
-$       EXHEADER_PKCS12 := pkcs12.h
-$       EXHEADER_COMP := comp.h
-$       EXHEADER_OCSP := ocsp.h
-$       EXHEADER_UI := ui.h,ui_compat.h
-$       EXHEADER_KRB5 := krb5_asn.h
-$!      EXHEADER_STORE := store.h,str_compat.h
-$       EXHEADER_STORE := store.h
-$       EXHEADER_CMS := cms.h
-$       EXHEADER_PQUEUE := pqueue.h
-$       EXHEADER_TS := ts.h
-$       EXHEADER_JPAKE := jpake.h
-$       LIBS := LIBCRYPTO
-$
-$       EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
-$
-$       I = 0
-$ LOOP_SDIRS: 
-$       D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
-$       I = I + 1
-$       IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$       tmp = EXHEADER_'D'
-$       IF D .EQS. ""
-$       THEN
-$         COPY 'tmp' WRK_SSLINCLUDE: /LOG
-$       ELSE
-$         IF D .EQS. "_''ARCH'"
-$         THEN
-$           COPY [-.'ARCH'.CRYPTO]'tmp' WRK_SSLINCLUDE: /LOG
-$         ELSE
-$           COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$         ENDIF
-$       ENDIF
-$       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
-$       GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
-$
-$       I = 0
-$ LOOP_LIB: 
-$       E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$       I = I + 1
-$       IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$       SET NOON
-$       IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
-$       THEN
-$         COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
-$       ENDIF
-$       ! Preparing for the time when we have shareable images
-$       IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
-$       ENDIF
-$       SET ON
-$       GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$       EXIT
diff --git a/src/lib/libssl/src/crypto/md4/md4_dgst.c b/src/lib/libssl/src/crypto/md4/md4_dgst.c
index 82c2cb2d98..b5b165b052 100644
--- a/src/lib/libssl/src/crypto/md4/md4_dgst.c
+++ b/src/lib/libssl/src/crypto/md4/md4_dgst.c
@@ -106,22 +106,23 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
 
         for (;num--;)
                 {
-        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        (void)HOST_c2l(data,l); X( 0)=l;
+        (void)HOST_c2l(data,l); X( 1)=l;
         /* Round 0 */
-        R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
-        R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
-        R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
-        R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
-        R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
-        R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
-        R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
-        R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
-        R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
-        R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
-        R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
-        R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
-        R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
-        R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
+        R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l;
+        R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l;
+        R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l;
+        R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l;
+        R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l;
+        R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l;
+        R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l;
+        R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l;
+        R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l;
+        R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l;
+        R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l;
+        R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l;
+        R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l;
+        R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l;
         R0(C,D,A,B,X(14),11,0);
         R0(B,C,D,A,X(15),19,0);
         /* Round 1 */
diff --git a/src/lib/libssl/src/crypto/md4/md4_locl.h b/src/lib/libssl/src/crypto/md4/md4_locl.h
index c8085b0ead..99c3e5004c 100644
--- a/src/lib/libssl/src/crypto/md4/md4_locl.h
+++ b/src/lib/libssl/src/crypto/md4/md4_locl.h
@@ -77,10 +77,10 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD4_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md4_block_data_order
 
diff --git a/src/lib/libssl/src/crypto/md5/md5_locl.h b/src/lib/libssl/src/crypto/md5/md5_locl.h
index 968d577995..74d63d1f9c 100644
--- a/src/lib/libssl/src/crypto/md5/md5_locl.h
+++ b/src/lib/libssl/src/crypto/md5/md5_locl.h
@@ -86,10 +86,10 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              MD5_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 
diff --git a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c b/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
index b74bb1a759..d66ed6a1c6 100644
--- a/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
+++ b/src/lib/libssl/src/crypto/mdc2/mdc2dgst.c
@@ -59,9 +59,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/des.h>
 #include <openssl/mdc2.h>
-#include <openssl/crypto.h>
 
 #undef c2l
 #define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
diff --git a/src/lib/libssl/src/crypto/mem.c b/src/lib/libssl/src/crypto/mem.c
index 24ccf729ca..55e829dc92 100644
--- a/src/lib/libssl/src/crypto/mem.c
+++ b/src/lib/libssl/src/crypto/mem.c
@@ -121,10 +121,10 @@ static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
 #endif
 
-
 int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
         void (*f)(void *))
         {
+        /* Dummy call just to ensure OPENSSL_init() gets linked in */
         OPENSSL_init();
         if (!allow_customize)
                 return 0;
diff --git a/src/lib/libssl/src/crypto/modes/Makefile b/src/lib/libssl/src/crypto/modes/Makefile
index 3d8bafd571..c825b12f25 100644
--- a/src/lib/libssl/src/crypto/modes/Makefile
+++ b/src/lib/libssl/src/crypto/modes/Makefile
@@ -53,10 +53,7 @@ ghash-x86_64.s:	asm/ghash-x86_64.pl
 ghash-sparcv9.s:        asm/ghash-sparcv9.pl
         $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
 ghash-alpha.s:  asm/ghash-alpha.pl
-        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
-        $(PERL) asm/ghash-alpha.pl > $$preproc && \
-        $(CC) -E $$preproc > $@ && rm $$preproc)
-
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 ghash-parisc.s: asm/ghash-parisc.pl
         $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
 
diff --git a/src/lib/libssl/src/crypto/objects/o_names.c b/src/lib/libssl/src/crypto/objects/o_names.c
index 84380a96a9..4a548c2ed4 100644
--- a/src/lib/libssl/src/crypto/objects/o_names.c
+++ b/src/lib/libssl/src/crypto/objects/o_names.c
@@ -73,7 +73,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                 name_funcs_stack=sk_NAME_FUNCS_new_null();
                 MemCheck_on();
                 }
-        if ((name_funcs_stack == NULL))
+        if (name_funcs_stack == NULL)
                 {
                 /* ERROR */
                 return(0);
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
index 91a45c9133..276718304d 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
@@ -111,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                         init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
                 if(!init_res)
                         {
+                        ret = -1;
                         OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
                         goto end;
                         }
diff --git a/src/lib/libssl/src/crypto/opensslv.h b/src/lib/libssl/src/crypto/opensslv.h
index 71be3590af..ebe7180723 100644
--- a/src/lib/libssl/src/crypto/opensslv.h
+++ b/src/lib/libssl/src/crypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER  0x1000103fL
+#define OPENSSL_VERSION_NUMBER  0x1000107fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c-fips 10 May 2012"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g-fips 7 Apr 2014"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1c 10 May 2012"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.1g 7 Apr 2014"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
 
diff --git a/src/lib/libssl/src/crypto/pem/pem_all.c b/src/lib/libssl/src/crypto/pem/pem_all.c
index 3e7a6093ad..eac0460e3e 100644
--- a/src/lib/libssl/src/crypto/pem/pem_all.c
+++ b/src/lib/libssl/src/crypto/pem/pem_all.c
@@ -193,7 +193,61 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_RSA(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+
+                EVP_PKEY_set1_RSA(k, x);
+
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
+                                        PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -223,7 +277,59 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
         return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_DSA(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
+                                        PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -269,8 +375,63 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
 
+
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+
+                ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        if (FIPS_mode())
+                {
+                EVP_PKEY *k;
+                int ret;
+                k = EVP_PKEY_new();
+                if (!k)
+                        return 0;
+                EVP_PKEY_set1_EC_KEY(k, x);
+                ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+                EVP_PKEY_free(k);
+                return ret;
+                }
+        else
+                return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
+                                                PEM_STRING_ECPRIVATEKEY,
+                                                fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
+#endif
+
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
diff --git a/src/lib/libssl/src/crypto/pem/pem_info.c b/src/lib/libssl/src/crypto/pem/pem_info.c
index 1b2be527ed..cc7f24a9c1 100644
--- a/src/lib/libssl/src/crypto/pem/pem_info.c
+++ b/src/lib/libssl/src/crypto/pem/pem_info.c
@@ -167,6 +167,7 @@ start:
 #ifndef OPENSSL_NO_RSA
                         if (strcmp(name,PEM_STRING_RSA) == 0)
                         {
+                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
                         if (xi->x_pkey != NULL) 
                                 {
                                 if (!sk_X509_INFO_push(ret,xi)) goto err;
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index cfc89a9921..5a421fc4b6 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                         goto err;
                 /* The 'iv' is used as the iv and as a salt.  It is
                  * NOT taken from the BytesToKey function */
-                EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+                if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+                        goto err;
 
                 if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
@@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                 /* k=strlen(buf); */
 
                 EVP_CIPHER_CTX_init(&ctx);
-                EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
-                EVP_EncryptUpdate(&ctx,data,&j,data,i);
-                EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+                ret = 1;
+                if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
+                        || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+                        || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+                        ret = 0;
                 EVP_CIPHER_CTX_cleanup(&ctx);
+                if (ret == 0)
+                        goto err;
                 i+=j;
-                ret=1;
                 }
         else
                 {
@@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
         ebcdic2ascii(buf, buf, klen);
 #endif
 
-        EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-                (unsigned char *)buf,klen,1,key,NULL);
+        if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+                (unsigned char *)buf,klen,1,key,NULL))
+                return 0;
 
         j=(int)len;
         EVP_CIPHER_CTX_init(&ctx);
-        EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-        EVP_DecryptUpdate(&ctx,data,&i,data,j);
-        o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+        o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+        if (o)
+                o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+        if (o)
+                o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
         EVP_CIPHER_CTX_cleanup(&ctx);
         OPENSSL_cleanse((char *)buf,sizeof(buf));
         OPENSSL_cleanse((char *)key,sizeof(key));
diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c
index 59690b56ae..b6b4e13498 100644
--- a/src/lib/libssl/src/crypto/pem/pem_seal.c
+++ b/src/lib/libssl/src/crypto/pem/pem_seal.c
@@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
         EVP_EncodeInit(&ctx->encode);
 
         EVP_MD_CTX_init(&ctx->md);
-        EVP_SignInit(&ctx->md,md_type);
+        if (!EVP_SignInit(&ctx->md,md_type))
+                goto err;
 
         EVP_CIPHER_CTX_init(&ctx->cipher);
         ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
@@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                 goto err;
                 }
 
-        EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+        if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
+                goto err;
         EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
         *outl=j;
         out+=j;
diff --git a/src/lib/libssl/src/crypto/perlasm/cbc.pl b/src/lib/libssl/src/crypto/perlasm/cbc.pl
index 6fc2510905..24561e759a 100644
--- a/src/lib/libssl/src/crypto/perlasm/cbc.pl
+++ b/src/lib/libssl/src/crypto/perlasm/cbc.pl
@@ -150,7 +150,7 @@ sub cbc
 &set_label("PIC_point");
         &blindpop("edx");
         &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
-        &mov($count,&DWP(0,"ecx",$count,4))
+        &mov($count,&DWP(0,"ecx",$count,4));
         &add($count,"edx");
         &xor("ecx","ecx");
         &xor("edx","edx");
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
index 96b131defa..a34915d02d 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_crt.c
@@ -90,7 +90,14 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
 
         /* Set defaults */
         if (!nid_cert)
+                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+                else
+#endif
                 nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+                }
         if (!nid_key)
                 nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
         if (!iter)
diff --git a/src/lib/libssl/src/crypto/pkcs12/p12_key.c b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
index c55c7b60b3..61d58502fd 100644
--- a/src/lib/libssl/src/crypto/pkcs12/p12_key.c
+++ b/src/lib/libssl/src/crypto/pkcs12/p12_key.c
@@ -176,24 +176,32 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                 out += u;
                 for (j = 0; j < v; j++) B[j] = Ai[j % u];
                 /* Work out B + 1 first then can use B as tmp space */
-                if (!BN_bin2bn (B, v, Bpl1)) goto err;
-                if (!BN_add_word (Bpl1, 1)) goto err;
+                if (!BN_bin2bn (B, v, Bpl1))
+                        goto err;
+                if (!BN_add_word (Bpl1, 1))
+                        goto err;
                 for (j = 0; j < Ilen ; j+=v) {
-                        if (!BN_bin2bn (I + j, v, Ij)) goto err;
-                        if (!BN_add (Ij, Ij, Bpl1)) goto err;
-                        BN_bn2bin (Ij, B);
+                        if (!BN_bin2bn(I + j, v, Ij))
+                                goto err;
+                        if (!BN_add(Ij, Ij, Bpl1))
+                                goto err;
+                        if (!BN_bn2bin(Ij, B))
+                                goto err;
                         Ijlen = BN_num_bytes (Ij);
                         /* If more than 2^(v*8) - 1 cut off MSB */
                         if (Ijlen > v) {
-                                BN_bn2bin (Ij, B);
+                                if (!BN_bn2bin (Ij, B))
+                                        goto err;
                                 memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
                         /* If less than v bytes pad with zeroes */
                         } else if (Ijlen < v) {
                                 memset(I + j, 0, v - Ijlen);
-                                BN_bn2bin(Ij, I + j + v - Ijlen); 
+                                if (!BN_bn2bin(Ij, I + j + v - Ijlen))
+                                        goto err;
 #endif
-                        } else BN_bn2bin (Ij, I + j);
+                        } else if (!BN_bn2bin (Ij, I + j))
+                                goto err;
                 }
         }
 
diff --git a/src/lib/libssl/src/crypto/rand/md_rand.c b/src/lib/libssl/src/crypto/rand/md_rand.c
index fcdd3f2a84..aee1c30b0a 100644
--- a/src/lib/libssl/src/crypto/rand/md_rand.c
+++ b/src/lib/libssl/src/crypto/rand/md_rand.c
@@ -123,10 +123,10 @@
 
 #include "e_os.h"
 
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#include <openssl/crypto.h>
 #include <openssl/err.h>
 
 #ifdef BN_DEBUG
@@ -198,6 +198,9 @@ static void ssleay_rand_add(const void *buf, int num, double add)
         EVP_MD_CTX m;
         int do_not_lock;
 
+        if (!num)
+                return;
+
         /*
          * (Based on the rand(3) manpage)
          *
@@ -380,8 +383,11 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
          * are fed into the hash function and the results are kept in the
          * global 'md'.
          */
-
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        /* NB: in FIPS mode we are already under a lock */
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
         /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
         CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
@@ -460,7 +466,10 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
 
         /* before unlocking, we must clear 'crypto_lock_rand' */
         crypto_lock_rand = 0;
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         while (num > 0)
                 {
@@ -512,10 +521,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
         MD_Init(&m);
         MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
         MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
         MD_Update(&m,md,MD_DIGEST_LENGTH);
         MD_Final(&m,md);
-        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+#ifdef OPENSSL_FIPS
+        if (!FIPS_mode())
+#endif
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
         EVP_MD_CTX_cleanup(&m);
         if (ok)
diff --git a/src/lib/libssl/src/crypto/rand/rand.h b/src/lib/libssl/src/crypto/rand/rand.h
index dc8fcf94c5..bb5520e80a 100644
--- a/src/lib/libssl/src/crypto/rand/rand.h
+++ b/src/lib/libssl/src/crypto/rand/rand.h
@@ -138,6 +138,7 @@ void ERR_load_RAND_strings(void);
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 
 /* Reason codes. */
+#define RAND_R_DUAL_EC_DRBG_DISABLED                     104
 #define RAND_R_ERROR_INITIALISING_DRBG                   102
 #define RAND_R_ERROR_INSTANTIATING_DRBG                  103
 #define RAND_R_NO_FIPS_RANDOM_METHOD_SET                 101
diff --git a/src/lib/libssl/src/crypto/rand/rand_err.c b/src/lib/libssl/src/crypto/rand/rand_err.c
index b8586c8f4a..c4c80fc8cc 100644
--- a/src/lib/libssl/src/crypto/rand/rand_err.c
+++ b/src/lib/libssl/src/crypto/rand/rand_err.c
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RAND_str_functs[]=
 
 static ERR_STRING_DATA RAND_str_reasons[]=
         {
+{ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED),"dual ec drbg disabled"},
 {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
 {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
 {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
diff --git a/src/lib/libssl/src/crypto/rand/rand_lib.c b/src/lib/libssl/src/crypto/rand/rand_lib.c
index daf1dab973..5ac0e14caf 100644
--- a/src/lib/libssl/src/crypto/rand/rand_lib.c
+++ b/src/lib/libssl/src/crypto/rand/rand_lib.c
@@ -210,8 +210,11 @@ static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
 
 static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
         {
-        OPENSSL_cleanse(out, olen);
-        OPENSSL_free(out);
+        if (out)
+                {
+                OPENSSL_cleanse(out, olen);
+                OPENSSL_free(out);
+                }
         }
 
 /* Set "additional input" when generating random data. This uses the
@@ -266,6 +269,14 @@ int RAND_init_fips(void)
         DRBG_CTX *dctx;
         size_t plen;
         unsigned char pers[32], *p;
+#ifndef OPENSSL_ALLOW_DUAL_EC_DRBG
+        if (fips_drbg_type >> 16)
+                {
+                RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED);
+                return 0;
+                }
+#endif
+                
         dctx = FIPS_get_default_drbg();
         if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
                 {
diff --git a/src/lib/libssl/src/crypto/rand/rand_win.c b/src/lib/libssl/src/crypto/rand/rand_win.c
index 5d134e186b..34ffcd23f9 100644
--- a/src/lib/libssl/src/crypto/rand/rand_win.c
+++ b/src/lib/libssl/src/crypto/rand/rand_win.c
@@ -750,7 +750,7 @@ static void readscreen(void)
   int           y;              /* y-coordinate of screen lines to grab */
   int           n = 16;         /* number of screen lines to grab at a time */
 
-  if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
+  if (check_winnt() && OPENSSL_isservice()>0)
     return;
 
   /* Create a screen DC and a memory DC compatible to screen DC */
diff --git a/src/lib/libssl/src/crypto/rand/randfile.c b/src/lib/libssl/src/crypto/rand/randfile.c
index 030e07f418..7f1428072d 100644
--- a/src/lib/libssl/src/crypto/rand/randfile.c
+++ b/src/lib/libssl/src/crypto/rand/randfile.c
@@ -57,7 +57,9 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#if !defined(OPENSSL_SYS_VXWORKS)
 #define _XOPEN_SOURCE 500
+#endif
 
 #include <errno.h>
 #include <stdio.h>
diff --git a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
index d6eac205e9..75750dbf33 100755
--- a/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
+++ b/src/lib/libssl/src/crypto/rc4/asm/rc4-x86_64.pl
@@ -112,7 +112,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $dat="%rdi";        # arg1
 $len="%rsi";        # arg2
diff --git a/src/lib/libssl/src/crypto/rc4/rc4test.c b/src/lib/libssl/src/crypto/rc4/rc4test.c
index 633a79e758..4312605ccb 100644
--- a/src/lib/libssl/src/crypto/rc4/rc4test.c
+++ b/src/lib/libssl/src/crypto/rc4/rc4test.c
@@ -120,6 +120,12 @@ int main(int argc, char *argv[])
         RC4_KEY key;
         unsigned char obuf[512];
 
+#if !defined(OPENSSL_PIC)
+        void OPENSSL_cpuid_setup(void);
+
+        OPENSSL_cpuid_setup();
+#endif
+
         for (i=0; i<6; i++)
                 {
                 RC4_set_key(&key,keys[i][0],&(keys[i][1]));
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
index 9ff1a0705e..d8e72da51b 100644
--- a/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_dgst.c
@@ -88,7 +88,7 @@ fips_md_init(RIPEMD160)
 void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
         {
         const unsigned char *data=p;
-        register volatile unsigned MD32_REG_T A,B,C,D,E;
+        register unsigned MD32_REG_T A,B,C,D,E;
         unsigned MD32_REG_T a,b,c,d,e,l;
 #ifndef MD32_XARRAY
         /* See comment in crypto/sha/sha_locl.h for details. */
@@ -105,21 +105,21 @@ void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
 
         A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 
-        HOST_c2l(data,l); X( 0)=l;      HOST_c2l(data,l); X( 1)=l;
-        RIP1(A,B,C,D,E,WL00,SL00);      HOST_c2l(data,l); X( 2)=l;
-        RIP1(E,A,B,C,D,WL01,SL01);      HOST_c2l(data,l); X( 3)=l;
-        RIP1(D,E,A,B,C,WL02,SL02);      HOST_c2l(data,l); X( 4)=l;
-        RIP1(C,D,E,A,B,WL03,SL03);      HOST_c2l(data,l); X( 5)=l;
-        RIP1(B,C,D,E,A,WL04,SL04);      HOST_c2l(data,l); X( 6)=l;
-        RIP1(A,B,C,D,E,WL05,SL05);      HOST_c2l(data,l); X( 7)=l;
-        RIP1(E,A,B,C,D,WL06,SL06);      HOST_c2l(data,l); X( 8)=l;
-        RIP1(D,E,A,B,C,WL07,SL07);      HOST_c2l(data,l); X( 9)=l;
-        RIP1(C,D,E,A,B,WL08,SL08);      HOST_c2l(data,l); X(10)=l;
-        RIP1(B,C,D,E,A,WL09,SL09);      HOST_c2l(data,l); X(11)=l;
-        RIP1(A,B,C,D,E,WL10,SL10);      HOST_c2l(data,l); X(12)=l;
-        RIP1(E,A,B,C,D,WL11,SL11);      HOST_c2l(data,l); X(13)=l;
-        RIP1(D,E,A,B,C,WL12,SL12);      HOST_c2l(data,l); X(14)=l;
-        RIP1(C,D,E,A,B,WL13,SL13);      HOST_c2l(data,l); X(15)=l;
+        (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l;
+        RIP1(A,B,C,D,E,WL00,SL00);      (void)HOST_c2l(data,l); X( 2)=l;
+        RIP1(E,A,B,C,D,WL01,SL01);      (void)HOST_c2l(data,l); X( 3)=l;
+        RIP1(D,E,A,B,C,WL02,SL02);      (void)HOST_c2l(data,l); X( 4)=l;
+        RIP1(C,D,E,A,B,WL03,SL03);      (void)HOST_c2l(data,l); X( 5)=l;
+        RIP1(B,C,D,E,A,WL04,SL04);      (void)HOST_c2l(data,l); X( 6)=l;
+        RIP1(A,B,C,D,E,WL05,SL05);      (void)HOST_c2l(data,l); X( 7)=l;
+        RIP1(E,A,B,C,D,WL06,SL06);      (void)HOST_c2l(data,l); X( 8)=l;
+        RIP1(D,E,A,B,C,WL07,SL07);      (void)HOST_c2l(data,l); X( 9)=l;
+        RIP1(C,D,E,A,B,WL08,SL08);      (void)HOST_c2l(data,l); X(10)=l;
+        RIP1(B,C,D,E,A,WL09,SL09);      (void)HOST_c2l(data,l); X(11)=l;
+        RIP1(A,B,C,D,E,WL10,SL10);      (void)HOST_c2l(data,l); X(12)=l;
+        RIP1(E,A,B,C,D,WL11,SL11);      (void)HOST_c2l(data,l); X(13)=l;
+        RIP1(D,E,A,B,C,WL12,SL12);      (void)HOST_c2l(data,l); X(14)=l;
+        RIP1(C,D,E,A,B,WL13,SL13);      (void)HOST_c2l(data,l); X(15)=l;
         RIP1(B,C,D,E,A,WL14,SL14);
         RIP1(A,B,C,D,E,WL15,SL15);
 
diff --git a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
index f14b346e66..2bd8957d14 100644
--- a/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
+++ b/src/lib/libssl/src/crypto/ripemd/rmd_locl.h
@@ -88,11 +88,11 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              RIPEMD160_Final
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->A; HOST_l2c(ll,(s));    \
-        ll=(c)->B; HOST_l2c(ll,(s));    \
-        ll=(c)->C; HOST_l2c(ll,(s));    \
-        ll=(c)->D; HOST_l2c(ll,(s));    \
-        ll=(c)->E; HOST_l2c(ll,(s));    \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->E; (void)HOST_l2c(ll,(s));      \
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa.h b/src/lib/libssl/src/crypto/rsa/rsa.h
index 4814a2fc15..5f269e577a 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa.h
+++ b/src/lib/libssl/src/crypto/rsa/rsa.h
@@ -280,7 +280,7 @@ struct rsa_st
 
 RSA *   RSA_new(void);
 RSA *   RSA_new_method(ENGINE *engine);
-int     RSA_size(const RSA *);
+int     RSA_size(const RSA *rsa);
 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_chk.c b/src/lib/libssl/src/crypto/rsa/rsa_chk.c
index 9d848db8c6..cc30e77132 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_chk.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_chk.c
@@ -59,6 +59,12 @@ int RSA_check_key(const RSA *key)
         BN_CTX *ctx;
         int r;
         int ret=1;
+
+        if (!key->p || !key->q || !key->n || !key->e || !key->d)
+                {
+                RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
+                return 0;
+                }
         
         i = BN_new();
         j = BN_new();
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 2e1ddd48d3..88ee2cb557 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
         /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
+         * adding 'p' if r0 is negative above to leave the result still
          * negative. This can break the private key operations: the following
          * second correction should *always* correct this rare occurrence.
          * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
+         * they ensure p > q [steve]
+         */
         if (BN_is_negative(r0))
                 if (!BN_add(r0,r0,rsa->p)) goto err;
         if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index e08ac151ff..af4d24a56e 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -149,7 +149,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
         if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
                 return -1;
 
-        if (timingsafe_bcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+        if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                 goto decoding_err;
         else
                 {
diff --git a/src/lib/libssl/src/crypto/sha/Makefile b/src/lib/libssl/src/crypto/sha/Makefile
index 2eb2b7af99..6d191d3936 100644
--- a/src/lib/libssl/src/crypto/sha/Makefile
+++ b/src/lib/libssl/src/crypto/sha/Makefile
@@ -60,9 +60,7 @@ sha256-armv4.S: asm/sha256-armv4.pl
         $(PERL) $< $(PERLASM_SCHEME) $@
 
 sha1-alpha.s:   asm/sha1-alpha.pl
-        (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
-        $(PERL) asm/sha1-alpha.pl > $$preproc && \
-        $(CC) -E $$preproc > $@ && rm $$preproc)
+        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 
 # Solaris make has to be explicitly told
 sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
diff --git a/src/lib/libssl/src/crypto/sha/sha1_one.c b/src/lib/libssl/src/crypto/sha/sha1_one.c
index 7c65b60276..c56ec94020 100644
--- a/src/lib/libssl/src/crypto/sha/sha1_one.c
+++ b/src/lib/libssl/src/crypto/sha/sha1_one.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/sha.h>
 #include <openssl/crypto.h>
+#include <openssl/sha.h>
 
 #ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
diff --git a/src/lib/libssl/src/crypto/sha/sha1dgst.c b/src/lib/libssl/src/crypto/sha/sha1dgst.c
index 81219af088..a98690225f 100644
--- a/src/lib/libssl/src/crypto/sha/sha1dgst.c
+++ b/src/lib/libssl/src/crypto/sha/sha1dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_0
diff --git a/src/lib/libssl/src/crypto/sha/sha_dgst.c b/src/lib/libssl/src/crypto/sha/sha_dgst.c
index c946ad827d..fb63b17ff2 100644
--- a/src/lib/libssl/src/crypto/sha/sha_dgst.c
+++ b/src/lib/libssl/src/crypto/sha/sha_dgst.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
 #undef  SHA_1
diff --git a/src/lib/libssl/src/crypto/sha/sha_locl.h b/src/lib/libssl/src/crypto/sha/sha_locl.h
index 7a0c3ca8d8..d673255f78 100644
--- a/src/lib/libssl/src/crypto/sha/sha_locl.h
+++ b/src/lib/libssl/src/crypto/sha/sha_locl.h
@@ -69,11 +69,11 @@
 #define HASH_CBLOCK             SHA_CBLOCK
 #define HASH_MAKE_STRING(c,s)   do {    \
         unsigned long ll;               \
-        ll=(c)->h0; HOST_l2c(ll,(s));   \
-        ll=(c)->h1; HOST_l2c(ll,(s));   \
-        ll=(c)->h2; HOST_l2c(ll,(s));   \
-        ll=(c)->h3; HOST_l2c(ll,(s));   \
-        ll=(c)->h4; HOST_l2c(ll,(s));   \
+        ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
         } while (0)
 
 #if defined(SHA_0)
@@ -256,21 +256,21 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
                 }
         else
                 {
-                HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
-                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
-                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
-                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
-                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
-                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
-                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
-                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
-                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
-                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
-                BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
-                BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
-                BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
-                BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
+                (void)HOST_c2l(data,l); X( 0)=l;        (void)HOST_c2l(data,l); X( 1)=l;
+                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       (void)HOST_c2l(data,l); X( 2)=l;
+                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       (void)HOST_c2l(data,l); X( 3)=l;
+                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       (void)HOST_c2l(data,l); X( 4)=l;
+                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       (void)HOST_c2l(data,l); X( 5)=l;
+                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       (void)HOST_c2l(data,l); X( 6)=l;
+                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       (void)HOST_c2l(data,l); X( 7)=l;
+                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       (void)HOST_c2l(data,l); X( 8)=l;
+                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       (void)HOST_c2l(data,l); X( 9)=l;
+                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       (void)HOST_c2l(data,l); X(10)=l;
+                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       (void)HOST_c2l(data,l); X(11)=l;
+                BODY_00_15(10,C,D,E,T,A,B,X(10));       (void)HOST_c2l(data,l); X(12)=l;
+                BODY_00_15(11,B,C,D,E,T,A,X(11));       (void)HOST_c2l(data,l); X(13)=l;
+                BODY_00_15(12,A,B,C,D,E,T,X(12));       (void)HOST_c2l(data,l); X(14)=l;
+                BODY_00_15(13,T,A,B,C,D,E,X(13));       (void)HOST_c2l(data,l); X(15)=l;
                 BODY_00_15(14,E,T,A,B,C,D,X(14));
                 BODY_00_15(15,D,E,T,A,B,C,X(15));
                 }
diff --git a/src/lib/libssl/src/crypto/symhacks.h b/src/lib/libssl/src/crypto/symhacks.h
index 403f592dcd..bd2f000d59 100644
--- a/src/lib/libssl/src/crypto/symhacks.h
+++ b/src/lib/libssl/src/crypto/symhacks.h
@@ -193,17 +193,23 @@
 #undef SSL_CTX_set_srp_username_callback
 #define SSL_CTX_set_srp_username_callback       SSL_CTX_set_srp_un_cb
 #undef ssl_add_clienthello_use_srtp_ext
-#define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext
+#define ssl_add_clienthello_use_srtp_ext        ssl_add_clihello_use_srtp_ext
 #undef ssl_add_serverhello_use_srtp_ext
-#define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext
+#define ssl_add_serverhello_use_srtp_ext        ssl_add_serhello_use_srtp_ext
 #undef ssl_parse_clienthello_use_srtp_ext
-#define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext
+#define ssl_parse_clienthello_use_srtp_ext      ssl_parse_clihello_use_srtp_ext
 #undef ssl_parse_serverhello_use_srtp_ext
-#define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext
+#define ssl_parse_serverhello_use_srtp_ext      ssl_parse_serhello_use_srtp_ext
 #undef SSL_CTX_set_next_protos_advertised_cb
-#define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb
+#define SSL_CTX_set_next_protos_advertised_cb   SSL_CTX_set_next_protos_adv_cb
 #undef SSL_CTX_set_next_proto_select_cb
-#define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb
+#define SSL_CTX_set_next_proto_select_cb        SSL_CTX_set_next_proto_sel_cb
+#undef ssl3_cbc_record_digest_supported
+#define ssl3_cbc_record_digest_supported        ssl3_cbc_record_digest_support
+#undef ssl_check_clienthello_tlsext_late
+#define ssl_check_clienthello_tlsext_late       ssl_check_clihello_tlsext_late
+#undef ssl_check_clienthello_tlsext_early
+#define ssl_check_clienthello_tlsext_early      ssl_check_clihello_tlsext_early
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
@@ -316,8 +322,6 @@
 #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #undef ec_GFp_simple_points_make_affine
 #define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
 #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
                                                 ec_GFp_smp_set_Jproj_coords_GFp
diff --git a/src/lib/libssl/src/crypto/threads/pthreads-vms.com b/src/lib/libssl/src/crypto/threads/pthreads-vms.com
deleted file mode 100644
index 1cf92bdf57..0000000000
--- a/src/lib/libssl/src/crypto/threads/pthreads-vms.com
+++ /dev/null
@@ -1,14 +0,0 @@
-$! To compile mttest on VMS.
-$!
-$! WARNING: only tested with DEC C so far.
-$
-$ if (f$getsyi("cpu").lt.128)
-$ then
-$     arch := VAX
-$ else
-$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$     if (arch .eqs. "") then arch = "UNK"
-$ endif
-$ define/user openssl [--.include.openssl]
-$ cc/def=PTHREADS mttest.c
-$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/src/lib/libssl/src/crypto/ui/ui_openssl.c b/src/lib/libssl/src/crypto/ui/ui_openssl.c
index e319faa47b..a38c7581e6 100644
--- a/src/lib/libssl/src/crypto/ui/ui_openssl.c
+++ b/src/lib/libssl/src/crypto/ui/ui_openssl.c
@@ -122,9 +122,15 @@
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */
+#if defined(OPENSSL_SYSNAME_VXWORKS)
+#include <sys/types.h>
+#endif
+
 #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 2
 #endif
+#endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -398,8 +404,8 @@ static int read_till_nl(FILE *in)
         char buf[SIZE+1];
 
         do      {
-                if (fgets(buf,sizeof(buf),in) == NULL)
-                        break;
+                if (!fgets(buf,SIZE,in))
+                        return 0;
                 } while (strchr(buf,'\n') == NULL);
         return 1;
         }
diff --git a/src/lib/libssl/src/crypto/x509/by_dir.c b/src/lib/libssl/src/crypto/x509/by_dir.c
index 27ca5150c1..c6602dae4f 100644
--- a/src/lib/libssl/src/crypto/x509/by_dir.c
+++ b/src/lib/libssl/src/crypto/x509/by_dir.c
@@ -218,7 +218,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 
         s=dir;
         p=s;
-        for (;;p++)
+        do
                 {
                 if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
                         {
@@ -264,9 +264,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                                 return 0;
                                 }
                         }
-                if (*p == '\0')
-                        break;
-                }
+                } while (*p++ != '\0');
         return 1;
         }
 
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c
index 7c2aaee2e9..352aa37434 100644
--- a/src/lib/libssl/src/crypto/x509/x509_cmp.c
+++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -86,10 +86,9 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 
         EVP_MD_CTX_init(&ctx);
         f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-        ret=strlen(f);
         if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                 goto err;
-        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,ret))
+        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
                 goto err;
         OPENSSL_free(f);
         if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
@@ -249,14 +248,14 @@ unsigned long X509_NAME_hash_old(X509_NAME *x)
         i2d_X509_NAME(x,NULL);
         EVP_MD_CTX_init(&md_ctx);
         EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-        EVP_DigestFinal_ex(&md_ctx,md,NULL);
+        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+            && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+            && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+                ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                     )&0xffffffffL;
         EVP_MD_CTX_cleanup(&md_ctx);
 
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-                )&0xffffffffL;
         return(ret);
         }
 #endif
diff --git a/src/lib/libssl/src/crypto/x509/x509_vfy.c b/src/lib/libssl/src/crypto/x509/x509_vfy.c
index b0779db023..920066aeba 100644
--- a/src/lib/libssl/src/crypto/x509/x509_vfy.c
+++ b/src/lib/libssl/src/crypto/x509/x509_vfy.c
@@ -694,6 +694,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         X509_CRL *crl = NULL, *dcrl = NULL;
         X509 *x;
         int ok, cnum;
+        unsigned int last_reasons;
         cnum = ctx->error_depth;
         x = sk_X509_value(ctx->chain, cnum);
         ctx->current_cert = x;
@@ -702,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
         ctx->current_reasons = 0;
         while (ctx->current_reasons != CRLDP_ALL_REASONS)
                 {
+                last_reasons = ctx->current_reasons;
                 /* Try to retrieve relevant CRL */
                 if (ctx->get_crl)
                         ok = ctx->get_crl(ctx, &crl, x);
@@ -745,6 +747,15 @@ static int check_cert(X509_STORE_CTX *ctx)
                 X509_CRL_free(dcrl);
                 crl = NULL;
                 dcrl = NULL;
+                /* If reasons not updated we wont get anywhere by
+                 * another iteration, so exit loop.
+                 */
+                if (last_reasons == ctx->current_reasons)
+                        {
+                        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+                        ok = ctx->verify_cb(0, ctx);
+                        goto err;
+                        }
                 }
         err:
         X509_CRL_free(crl);
@@ -872,7 +883,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         {
         ASN1_OCTET_STRING *exta, *extb;
         int i;
-        i = X509_CRL_get_ext_by_NID(a, nid, 0);
+        i = X509_CRL_get_ext_by_NID(a, nid, -1);
         if (i >= 0)
                 {
                 /* Can't have multiple occurrences */
@@ -883,7 +894,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
         else
                 exta = NULL;
 
-        i = X509_CRL_get_ext_by_NID(b, nid, 0);
+        i = X509_CRL_get_ext_by_NID(b, nid, -1);
 
         if (i >= 0)
                 {
@@ -1451,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
          * a certificate was revoked. This has since been changed since 
          * critical extension can change the meaning of CRL entries.
          */
-        if (crl->flags & EXFLAG_CRITICAL)
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                && (crl->flags & EXFLAG_CRITICAL))
                 {
-                if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-                        return 1;
                 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
                 ok = ctx->verify_cb(0, ctx);
                 if(!ok)
diff --git a/src/lib/libssl/src/crypto/x509/x_all.c b/src/lib/libssl/src/crypto/x509/x_all.c
index b94aeeb873..e06602d65a 100644
--- a/src/lib/libssl/src/crypto/x509/x_all.c
+++ b/src/lib/libssl/src/crypto/x509/x_all.c
@@ -97,6 +97,7 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
         {
+        x->cert_info->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
                 x->cert_info->signature,
                 x->sig_alg, x->signature, x->cert_info, ctx);
@@ -123,6 +124,7 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
         {
+        x->crl->enc.modified = 1;
         return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
                 x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
         }
diff --git a/src/lib/libssl/src/crypto/x509v3/v3_purp.c b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
index 181bd34979..ad688657e0 100644
--- a/src/lib/libssl/src/crypto/x509v3/v3_purp.c
+++ b/src/lib/libssl/src/crypto/x509v3/v3_purp.c
@@ -474,11 +474,11 @@ static void x509v3_cache_extensions(X509 *x)
         for (i = 0; i < X509_get_ext_count(x); i++)
                 {
                 ex = X509_get_ext(x, i);
-                if (!X509_EXTENSION_get_critical(ex))
-                        continue;
                 if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
                                         == NID_freshest_crl)
                         x->ex_flags |= EXFLAG_FRESHEST;
+                if (!X509_EXTENSION_get_critical(ex))
+                        continue;
                 if (!X509_supported_extension(ex))
                         {
                         x->ex_flags |= EXFLAG_CRITICAL;
diff --git a/src/lib/libssl/src/crypto/x86_64cpuid.pl b/src/lib/libssl/src/crypto/x86_64cpuid.pl
index 7b7b93b223..6ebfd017ea 100644
--- a/src/lib/libssl/src/crypto/x86_64cpuid.pl
+++ b/src/lib/libssl/src/crypto/x86_64cpuid.pl
@@ -11,7 +11,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 ($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") : # Win64 order
                                  ("%rdi","%rsi","%rdx","%rcx"); # Unix order
diff --git a/src/lib/libssl/src/demos/easy_tls/Makefile b/src/lib/libssl/src/demos/easy_tls/Makefile
index f65760670c..ea457a4110 100644
--- a/src/lib/libssl/src/demos/easy_tls/Makefile
+++ b/src/lib/libssl/src/demos/easy_tls/Makefile
@@ -1,5 +1,5 @@
 # Makefile for easy-tls example application (rudimentary client and server)
-# $Id: Makefile,v 1.4 2010/10/01 22:58:57 djm Exp $
+# $Id: Makefile,v 1.5 2014/04/13 15:25:34 miod Exp $
 
 SOLARIS_CFLAGS=-Wall -pedantic -g -O2
 SOLARIS_LIBS=-lxnet
diff --git a/src/lib/libssl/src/demos/easy_tls/cacerts.pem b/src/lib/libssl/src/demos/easy_tls/cacerts.pem
index 2b11eb3b8a..c23d49bba7 100644
--- a/src/lib/libssl/src/demos/easy_tls/cacerts.pem
+++ b/src/lib/libssl/src/demos/easy_tls/cacerts.pem
@@ -1,4 +1,4 @@
-$Id: cacerts.pem,v 1.4 2010/10/01 22:58:57 djm Exp $
+$Id: cacerts.pem,v 1.5 2014/04/13 15:25:34 miod Exp $
 
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
diff --git a/src/lib/libssl/src/demos/easy_tls/cert.pem b/src/lib/libssl/src/demos/easy_tls/cert.pem
index 0daca86ba2..6613c2df44 100644
--- a/src/lib/libssl/src/demos/easy_tls/cert.pem
+++ b/src/lib/libssl/src/demos/easy_tls/cert.pem
@@ -1,4 +1,4 @@
-$Id: cert.pem,v 1.4 2010/10/01 22:58:57 djm Exp $
+$Id: cert.pem,v 1.5 2014/04/13 15:25:34 miod Exp $
 
 Example certificate and key.
 
diff --git a/src/lib/libssl/src/demos/easy_tls/easy-tls.c b/src/lib/libssl/src/demos/easy_tls/easy-tls.c
index cfae4b07cb..72047b3e80 100644
--- a/src/lib/libssl/src/demos/easy_tls/easy-tls.c
+++ b/src/lib/libssl/src/demos/easy_tls/easy-tls.c
@@ -1,7 +1,7 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
 /*
  * easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.5 2010/10/01 22:58:57 djm Exp $
+ * $Id: easy-tls.c,v 1.6 2014/04/13 15:25:34 miod Exp $
  */
 /*
  (c) Copyright 1999 Bodo Moeller.  All rights reserved.
@@ -73,7 +73,7 @@
  */
 
 static char const rcsid[] =
-"$Id: easy-tls.c,v 1.5 2010/10/01 22:58:57 djm Exp $";
+"$Id: easy-tls.c,v 1.6 2014/04/13 15:25:34 miod Exp $";
 
 #include <assert.h>
 #include <errno.h>
diff --git a/src/lib/libssl/src/demos/easy_tls/easy-tls.h b/src/lib/libssl/src/demos/easy_tls/easy-tls.h
index 29af27a6e7..844a5874b9 100644
--- a/src/lib/libssl/src/demos/easy_tls/easy-tls.h
+++ b/src/lib/libssl/src/demos/easy_tls/easy-tls.h
@@ -1,7 +1,7 @@
 /* -*- Mode: C; c-file-style: "bsd" -*- */
 /*
  * easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.4 2010/10/01 22:58:57 djm Exp $
+ * $Id: easy-tls.h,v 1.5 2014/04/13 15:25:34 miod Exp $
  */
 /*
  * (c) Copyright 1999 Bodo Moeller.  All rights reserved.
diff --git a/src/lib/libssl/src/demos/easy_tls/test.c b/src/lib/libssl/src/demos/easy_tls/test.c
index 4e40cb91c4..4e884c4851 100644
--- a/src/lib/libssl/src/demos/easy_tls/test.c
+++ b/src/lib/libssl/src/demos/easy_tls/test.c
@@ -1,5 +1,5 @@
 /* test.c */
-/* $Id: test.c,v 1.4 2010/10/01 22:58:57 djm Exp $ */
+/* $Id: test.c,v 1.5 2014/04/13 15:25:34 miod Exp $ */
 
 #define L_PORT 9999
 #define C_PORT 443
diff --git a/src/lib/libssl/src/demos/easy_tls/test.h b/src/lib/libssl/src/demos/easy_tls/test.h
index ebee2c5db5..b88d569fe8 100644
--- a/src/lib/libssl/src/demos/easy_tls/test.h
+++ b/src/lib/libssl/src/demos/easy_tls/test.h
@@ -1,5 +1,5 @@
 /* test.h */
-/* $Id: test.h,v 1.4 2010/10/01 22:58:57 djm Exp $ */
+/* $Id: test.h,v 1.5 2014/04/13 15:25:34 miod Exp $ */
 
 
 void test_process_init(int fd, int client_p, void *apparg);
diff --git a/src/lib/libssl/src/demos/engines/rsaref/build.com b/src/lib/libssl/src/demos/engines/rsaref/build.com
deleted file mode 100644
index 72b013d45e..0000000000
--- a/src/lib/libssl/src/demos/engines/rsaref/build.com
+++ /dev/null
@@ -1,105 +0,0 @@
-$! BUILD.COM -- Building procedure for the RSAref engine
-$
-$       if f$search("source.dir") .eqs. "" -
-           .or. f$search("install.dir") .eqs. ""
-$       then
-$           write sys$error "RSAref 2.0 hasn't been properly extracted."
-$           exit
-$       endif
-$
-$       if (f$getsyi("cpu").lt.128)
-$       then
-$           arch := vax
-$       else
-$           arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$           if (arch .eqs. "") then arch = "UNK"
-$       endif
-$
-$       _save_default = f$environment("default")
-$       set default [.install]
-$       files := desc,digit,md2c,md5c,nn,prime,-
-                rsa,r_encode,r_dh,r_enhanc,r_keygen,r_random,-
-                r_stdlib
-$       delete rsaref.olb;*
-$       library/create/object rsaref.olb
-$       files_i = 0
-$ rsaref_loop:
-$       files_e = f$edit(f$element(files_i,",",files),"trim")
-$       files_i = files_i + 1
-$       if files_e .eqs. "," then goto rsaref_loop_end
-$       cc/include=([-.source],[])/define=PROTOTYPES=1/object=[]'files_e'.obj -
-                [-.source]'files_e'.c
-$       library/replace/object rsaref.olb 'files_e'.obj
-$       goto rsaref_loop
-$ rsaref_loop_end:
-$
-$       set default [-]
-$       define/user openssl [---.include.openssl]
-$       cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
-$
-$       if arch .eqs. "VAX"
-$       then
-$           macro/object=rsaref_vec.obj sys$input:
-;
-; Transfer vector for VAX shareable image
-;
-        .TITLE librsaref
-;
-; Define macro to assist in building transfer vector entries.  Each entry
-; should take no more than 8 bytes.
-;
-        .MACRO FTRANSFER_ENTRY routine
-        .ALIGN QUAD
-        .TRANSFER routine
-        .MASK   routine
-        JMP     routine+2
-        .ENDM FTRANSFER_ENTRY
-;
-; Place entries in own program section.
-;
-        .PSECT $$LIBRSAREF,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
-
-LIBRSAREF_xfer:
-        FTRANSFER_ENTRY bind_engine
-        FTRANSFER_ENTRY v_check
-
-;
-; Allocate extra storage at end of vector to allow for expansion.
-;
-        .BLKB 512-<.-LIBRSAREF_xfer>    ; 1 page.
-        .END
-$           link/share=librsaref.exe sys$input:/option
-!
-! Ensure transfer vector is at beginning of image
-!
-CLUSTER=FIRST
-COLLECT=FIRST,$$LIBRSAREF
-!
-! make psects nonshareable so image can be installed.
-!
-PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
-[]rsaref_vec.obj
-[]rsaref.obj
-[.install]rsaref.olb/lib
-[---.vax.exe.crypto]libcrypto.olb/lib
-$       else
-$           if arch_name .eqs. "ALPHA"
-$           then
-$               link/share=librsaref.exe sys$input:/option
-[]rsaref.obj
-[.install]rsaref.olb/lib
-[---.alpha.exe.crypto]libcrypto.olb/lib
-symbol_vector=(bind_engine=procedure,v_check=procedure)
-$           else
-$               if arch_name .eqs. "IA64"
-$               then
-$                   link /shareable=librsaref.exe sys$input: /options
-[]rsaref.obj
-[.install]rsaref.olb/lib
-[---.ia64.exe.crypto]libcrypto.olb/lib
-symbol_vector=(bind_engine=procedure,v_check=procedure)
-$               endif
-$           endif
-$       endif
-$
-$       set default '_save_default'
diff --git a/src/lib/libssl/src/demos/x509/mkreq.c b/src/lib/libssl/src/demos/x509/mkreq.c
index d17e4ade94..d1cba9dc5a 100644
--- a/src/lib/libssl/src/demos/x509/mkreq.c
+++ b/src/lib/libssl/src/demos/x509/mkreq.c
@@ -7,13 +7,14 @@
 
 #include <openssl/pem.h>
 #include <openssl/conf.h>
+#include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 
 int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
+int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value);
 
 int main(int argc, char **argv)
         {
@@ -148,7 +149,7 @@ err:
  * because we wont reference any other sections.
  */
 
-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value)
+int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
         {
         X509_EXTENSION *ex;
         ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
diff --git a/src/lib/libssl/src/doc/apps/CA.pl.pod b/src/lib/libssl/src/doc/apps/CA.pl.pod
index ed69952f37..d326101cde 100644
--- a/src/lib/libssl/src/doc/apps/CA.pl.pod
+++ b/src/lib/libssl/src/doc/apps/CA.pl.pod
@@ -39,13 +39,13 @@ prints a usage message.
 
 =item B<-newcert>
 
-creates a new self signed certificate. The private key and certificate are
-written to the file "newreq.pem".
+creates a new self signed certificate. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
 
 =item B<-newreq>
 
-creates a new certificate request. The private key and request are
-written to the file "newreq.pem".
+creates a new certificate request. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
 
 =item B<-newreq-nodes>
 
diff --git a/src/lib/libssl/src/doc/apps/config.pod b/src/lib/libssl/src/doc/apps/config.pod
index ace34b62bd..25c5381b9d 100644
--- a/src/lib/libssl/src/doc/apps/config.pod
+++ b/src/lib/libssl/src/doc/apps/config.pod
@@ -119,7 +119,7 @@ variable points to a section containing further ENGINE configuration
 information.
 
 The section pointed to by B<engines> is a table of engine names (though see
-B<engine_id> below) and further sections containing configuration informations
+B<engine_id> below) and further sections containing configuration information
 specific to each ENGINE.
 
 Each ENGINE specific section is used to set default algorithms, load
diff --git a/src/lib/libssl/src/doc/apps/crl.pod b/src/lib/libssl/src/doc/apps/crl.pod
index a40c873b95..1ad76a5f8c 100644
--- a/src/lib/libssl/src/doc/apps/crl.pod
+++ b/src/lib/libssl/src/doc/apps/crl.pod
@@ -62,6 +62,11 @@ don't output the encoded version of the CRL.
 output a hash of the issuer name. This can be use to lookup CRLs in
 a directory by issuer name.
 
+=item B<-hash_old>
+
+outputs the "hash" of the CRL issuer name using the older algorithm
+as used by OpenSSL versions before 1.0.0.
+
 =item B<-issuer>
 
 output the issuer name.
diff --git a/src/lib/libssl/src/doc/apps/pkcs12.pod b/src/lib/libssl/src/doc/apps/pkcs12.pod
index f69a5c5a4c..8e0d91798a 100644
--- a/src/lib/libssl/src/doc/apps/pkcs12.pod
+++ b/src/lib/libssl/src/doc/apps/pkcs12.pod
@@ -67,7 +67,7 @@ by default.
 The filename to write certificates and private keys to, standard output by
 default.  They are all written in PEM format.
 
-=item B<-pass arg>, B<-passin arg>
+=item B<-passin arg>
 
 the PKCS#12 file (i.e. input file) password source. For more information about
 the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
@@ -75,10 +75,15 @@ L<openssl(1)|openssl(1)>.
 
 =item B<-passout arg>
 
-pass phrase source to encrypt any outputed private keys with. For more
+pass phrase source to encrypt any outputted private keys with. For more
 information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
 in L<openssl(1)|openssl(1)>.
 
+=item B<-password arg>
+
+With -export, -password is equivalent to -passout.
+Otherwise, -password is equivalent to -passin.
+
 =item B<-noout>
 
 this option inhibits output of the keys and certificates to the output file
diff --git a/src/lib/libssl/src/doc/apps/req.pod b/src/lib/libssl/src/doc/apps/req.pod
index ff48bbdf28..0730d117b3 100644
--- a/src/lib/libssl/src/doc/apps/req.pod
+++ b/src/lib/libssl/src/doc/apps/req.pod
@@ -303,7 +303,7 @@ Reverses effect of B<-asn1-kludge>
 
 =item B<-newhdr>
 
-Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+Adds the word B<NEW> to the PEM file header and footer lines on the outputted
 request. Some software (Netscape certificate server) and some CAs need this.
 
 =item B<-batch>
diff --git a/src/lib/libssl/src/doc/apps/rsa.pod b/src/lib/libssl/src/doc/apps/rsa.pod
index 69b2bef82c..d7d784d52b 100644
--- a/src/lib/libssl/src/doc/apps/rsa.pod
+++ b/src/lib/libssl/src/doc/apps/rsa.pod
@@ -24,6 +24,8 @@ B<openssl> B<rsa>
 [B<-check>]
 [B<-pubin>]
 [B<-pubout>]
+[B<-RSAPublicKey_in>]
+[B<-RSAPublicKey_out>]
 [B<-engine id>]
 
 =head1 DESCRIPTION
@@ -118,6 +120,10 @@ by default a private key is output: with this option a public
 key will be output instead. This option is automatically set if
 the input is a public key.
 
+=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>
+
+like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
+
 =item B<-engine id>
 
 specifying an engine (by its unique B<id> string) will cause B<rsa>
@@ -139,6 +145,11 @@ The PEM public key format uses the header and footer lines:
  -----BEGIN PUBLIC KEY-----
  -----END PUBLIC KEY-----
 
+The PEM B<RSAPublicKey> format uses the header and footer lines:
+
+ -----BEGIN RSA PUBLIC KEY-----
+ -----END RSA PUBLIC KEY-----
+
 The B<NET> form is a format compatible with older Netscape servers
 and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
 It is not very secure and so should only be used when necessary.
@@ -173,6 +184,10 @@ To just output the public part of a private key:
 
  openssl rsa -in key.pem -pubout -out pubkey.pem
 
+Output the public part of a private key in B<RSAPublicKey> format:
+
+ openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
+
 =head1 BUGS
 
 The command line password arguments don't currently work with
diff --git a/src/lib/libssl/src/doc/apps/s_client.pod b/src/lib/libssl/src/doc/apps/s_client.pod
index 4ebf7b5854..3215b2e8c9 100644
--- a/src/lib/libssl/src/doc/apps/s_client.pod
+++ b/src/lib/libssl/src/doc/apps/s_client.pod
@@ -10,6 +10,7 @@ s_client - SSL/TLS client program
 B<openssl> B<s_client>
 [B<-connect host:port>]
 [B<-verify depth>]
+[B<-verify_return_error>]
 [B<-cert filename>]
 [B<-certform DER|PEM>]
 [B<-key filename>]
@@ -90,6 +91,11 @@ Currently the verify operation continues after errors so all the problems
 with a certificate chain can be seen. As a side effect the connection
 will never fail due to a server certificate verify failure.
 
+=item B<-verify_return_error>
+
+Return verification errors instead of continuing. This will typically
+abort the handshake with a fatal error.
+
 =item B<-CApath directory>
 
 The directory to use for server certificate verification. This directory
@@ -286,6 +292,13 @@ Since the SSLv23 client hello cannot include compression methods or extensions
 these will only be supported if its use is disabled, for example by using the
 B<-no_sslv2> option.
 
+The B<s_client> utility is a test tool and is designed to continue the
+handshake after any certificate verification errors. As a result it will
+accept any certificate chain (trusted or not) sent by the peer. None test
+applications should B<not> do this as it makes them vulnerable to a MITM
+attack. This behaviour can be changed by with the B<-verify_return_error>
+option: any verify errors are then returned aborting the handshake.
+
 =head1 BUGS
 
 Because this program has a lot of options and also because some of
@@ -293,9 +306,6 @@ the techniques used are rather old, the C source of s_client is rather
 hard to read and not a model of how things should be done. A typical
 SSL client program would be much simpler.
 
-The B<-verify> option should really exit if the server verification
-fails.
-
 The B<-prexit> option is a bit of a hack. We should really report
 information whenever a session is renegotiated.
 
diff --git a/src/lib/libssl/src/doc/apps/s_server.pod b/src/lib/libssl/src/doc/apps/s_server.pod
index 3e503e17e1..6758ba3080 100644
--- a/src/lib/libssl/src/doc/apps/s_server.pod
+++ b/src/lib/libssl/src/doc/apps/s_server.pod
@@ -111,7 +111,7 @@ by using an appropriate certificate.
 
 =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
 
-addtional certificate and private key format and passphrase respectively.
+additional certificate and private key format and passphrase respectively.
 
 =item B<-nocert>
 
diff --git a/src/lib/libssl/src/doc/apps/verify.pod b/src/lib/libssl/src/doc/apps/verify.pod
index 336098f1e3..da683004bd 100644
--- a/src/lib/libssl/src/doc/apps/verify.pod
+++ b/src/lib/libssl/src/doc/apps/verify.pod
@@ -54,35 +54,37 @@ in PEM format concatenated together.
 =item B<-untrusted file>
 
 A file of untrusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
 
 =item B<-purpose purpose>
 
-the intended use for the certificate. Without this option no chain verification
-will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
-B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
-section for more information.
+The intended use for the certificate. If this option is not specified,
+B<verify> will not consider certificate purpose during chain verification.
+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
+information.
 
 =item B<-help>
 
-prints out a usage message.
+Print out a usage message.
 
 =item B<-verbose>
 
-print extra information about the operations being performed.
+Print extra information about the operations being performed.
 
 =item B<-issuer_checks>
 
-print out diagnostics relating to searches for the issuer certificate
-of the current certificate. This shows why each candidate issuer
-certificate was rejected. However the presence of rejection messages
-does not itself imply that anything is wrong: during the normal
-verify process several rejections may take place.
+Print out diagnostics relating to searches for the issuer certificate of the
+current certificate. This shows why each candidate issuer certificate was
+rejected. The presence of rejection messages does not itself imply that
+anything is wrong; during the normal verification process, several
+rejections may take place.
 
 =item B<-policy arg>
 
-Enable policy processing and add B<arg> to the user-initial-policy-set
-(see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric
-form. This argument can appear more than once.
+Enable policy processing and add B<arg> to the user-initial-policy-set (see
+RFC5280). The policy B<arg> can be an object name an OID in numeric form.
+This argument can appear more than once.
 
 =item B<-policy_check>
 
@@ -90,41 +92,40 @@ Enables certificate policy processing.
 
 =item B<-explicit_policy>
 
-Set policy variable require-explicit-policy (see RFC3280 et al).
+Set policy variable require-explicit-policy (see RFC5280).
 
 =item B<-inhibit_any>
 
-Set policy variable inhibit-any-policy (see RFC3280 et al).
+Set policy variable inhibit-any-policy (see RFC5280).
 
 =item B<-inhibit_map>
 
-Set policy variable inhibit-policy-mapping (see RFC3280 et al).
+Set policy variable inhibit-policy-mapping (see RFC5280).
 
 =item B<-policy_print>
 
-Print out diagnostics, related to policy checking
+Print out diagnostics related to policy processing.
 
 =item B<-crl_check>
 
-Checks end entity certificate validity by attempting to lookup a valid CRL.
+Checks end entity certificate validity by attempting to look up a valid CRL.
 If a valid CRL cannot be found an error occurs. 
 
 =item B<-crl_check_all>
 
 Checks the validity of B<all> certificates in the chain by attempting
-to lookup valid CRLs.
+to look up valid CRLs.
 
 =item B<-ignore_critical>
 
 Normally if an unhandled critical extension is present which is not
-supported by OpenSSL the certificate is rejected (as required by
-RFC3280 et al). If this option is set critical extensions are
-ignored.
+supported by OpenSSL the certificate is rejected (as required by RFC5280).
+If this option is set critical extensions are ignored.
 
 =item B<-x509_strict>
 
-Disable workarounds for broken certificates which have to be disabled
-for strict X.509 compliance.
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
 
 =item B<-extended_crl>
 
@@ -142,16 +143,15 @@ because it doesn't add any security.
 
 =item B<->
 
-marks the last option. All arguments following this are assumed to be
+Indicates the last option. All arguments following this are assumed to be
 certificate files. This is useful if the first certificate filename begins
 with a B<->.
 
 =item B<certificates>
 
-one or more certificates to verify. If no certificate filenames are included
-then an attempt is made to read a certificate from standard input. They should
-all be in PEM format.
-
+One or more certificates to verify. If no certificates are given, B<verify>
+will attempt to read a certificate from standard input. Certificates must be
+in PEM format.
 
 =back
 
diff --git a/src/lib/libssl/src/doc/apps/x509.pod b/src/lib/libssl/src/doc/apps/x509.pod
index 3002b08123..d2d9eb812a 100644
--- a/src/lib/libssl/src/doc/apps/x509.pod
+++ b/src/lib/libssl/src/doc/apps/x509.pod
@@ -29,6 +29,7 @@ B<openssl> B<x509>
 [B<-purpose>]
 [B<-dates>]
 [B<-modulus>]
+[B<-pubkey>]
 [B<-fingerprint>]
 [B<-alias>]
 [B<-noout>]
@@ -135,6 +136,10 @@ section for more information.
 
 this option prevents output of the encoded version of the request.
 
+=item B<-pubkey>
+
+outputs the the certificate's SubjectPublicKeyInfo block in PEM format.
+
 =item B<-modulus>
 
 this option prints out the value of the modulus of the public key
diff --git a/src/lib/libssl/src/doc/crypto/ERR_get_error.pod b/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
index 34443045fc..828ecf529b 100644
--- a/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
+++ b/src/lib/libssl/src/doc/crypto/ERR_get_error.pod
@@ -52,8 +52,11 @@ ERR_get_error_line_data(), ERR_peek_error_line_data() and
 ERR_get_last_error_line_data() store additional data and flags
 associated with the error code in *B<data>
 and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
+if *B<flags>&B<ERR_TXT_STRING> is true. 
+
+An application B<MUST NOT> free the *B<data> pointer (or any other pointers
+returned by these functions) with OPENSSL_free() as freeing is handled
+automatically by the error library.
 
 =head1 RETURN VALUES
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
index d375c46e03..0ea7d55c0f 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_BytesToKey.pod
@@ -17,7 +17,7 @@ EVP_BytesToKey - password based encryption routine
 
 EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
 the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> paramter is used as a salt in the derivation: it should point to
+The B<salt> parameter is used as a salt in the derivation: it should point to
 an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
 B<datal> bytes which is used to derive the keying data. B<count> is the
 iteration count to use. The derived key and IV will be written to B<key>
diff --git a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
index 1aa15acb61..367691cc7a 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_DigestInit.pod
@@ -252,9 +252,9 @@ digest name passed on the command line.
 
 =head1 SEE ALSO
 
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
-L<SHA1(3)|SHA1(3)>
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
index 8271d3dfc4..1c4bf184a1 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_EncryptInit.pod
@@ -152,7 +152,7 @@ does not remain in memory.
 
 EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
 similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
 initialized and they always use the default cipher implementation.
 
 EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
diff --git a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod b/src/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod
deleted file mode 100644
index f3605eb826..0000000000
--- a/src/lib/libssl/src/doc/crypto/EVP_PKEY_verifyrecover.pod
+++ /dev/null
@@ -1,103 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_PKEY_verifyrecover_init, EVP_PKEY_verifyrecover - recover signature using a public key algorithm
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_PKEY_verifyrecover_init(EVP_PKEY_CTX *ctx);
- int EVP_PKEY_verifyrecover(EVP_PKEY_CTX *ctx,
-                        unsigned char *rout, size_t *routlen,
-                        const unsigned char *sig, size_t siglen);
-
-=head1 DESCRIPTION
-
-The EVP_PKEY_verifyrecover_init() function initializes a public key algorithm
-context using key B<pkey> for a verify recover operation.
-
-The EVP_PKEY_verifyrecover() function recovers signed data
-using B<ctx>. The signature is specified using the B<sig> and
-B<siglen> parameters. If B<rout> is B<NULL> then the maximum size of the output
-buffer is written to the B<routlen> parameter. If B<rout> is not B<NULL> then
-before the call the B<routlen> parameter should contain the length of the
-B<rout> buffer, if the call is successful recovered data is written to
-B<rout> and the amount of data written to B<routlen>.
-
-=head1 NOTES
-
-Normally an application is only interested in whether a signature verification
-operation is successful in those cases the EVP_verify() function should be 
-used.
-
-Sometimes however it is useful to obtain the data originally signed using a
-signing operation. Only certain public key algorithms can recover a signature
-in this way (for example RSA in PKCS padding mode).
-
-After the call to EVP_PKEY_verifyrecover_init() algorithm specific control
-operations can be performed to set any appropriate parameters for the
-operation.
-
-The function EVP_PKEY_verifyrecover() can be called more than once on the same
-context if several operations are performed using the same parameters.
-
-=head1 RETURN VALUES
-
-EVP_PKEY_verifyrecover_init() and EVP_PKEY_verifyrecover() return 1 for success
-and 0 or a negative value for failure. In particular a return value of -2
-indicates the operation is not supported by the public key algorithm.
-
-=head1 EXAMPLE
-
-Recover digest originally signed using PKCS#1 and SHA256 digest:
-
- #include <openssl/evp.h>
- #include <openssl/rsa.h>
-
- EVP_PKEY_CTX *ctx;
- unsigned char *rout, *sig;
- size_t routlen, siglen; 
- EVP_PKEY *verify_key;
- /* NB: assumes verify_key, sig and siglen are already set up
-  * and that verify_key is an RSA public key
-  */
- ctx = EVP_PKEY_CTX_new(verify_key);
- if (!ctx)
-        /* Error occurred */
- if (EVP_PKEY_verifyrecover_init(ctx) <= 0)
-        /* Error */
- if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
-        /* Error */
- if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0)
-        /* Error */
-
- /* Determine buffer length */
- if (EVP_PKEY_verifyrecover(ctx, NULL, &routlen, sig, siglen) <= 0)
-        /* Error */
-
- rout = OPENSSL_malloc(routlen);
-
- if (!rout)
-        /* malloc failure */
- 
- if (EVP_PKEY_verifyrecover(ctx, rout, &routlen, sig, siglen) <= 0)
-        /* Error */
-
- /* Recovered data is routlen bytes written to buffer rout */
-
-=head1 SEE ALSO
-
-L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
-L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
-L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
-L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
-
-=head1 HISTORY
-
-These functions were first added to OpenSSL 1.0.0.
-
-=cut
diff --git a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
index 781d43e401..620a623ab6 100644
--- a/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
+++ b/src/lib/libssl/src/doc/crypto/EVP_SignInit.pod
@@ -89,10 +89,10 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 =head1 SEE ALSO
 
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/des_modes.pod b/src/lib/libssl/src/doc/crypto/des_modes.pod
index 0ad01eafe2..e883ca8fde 100644
--- a/src/lib/libssl/src/doc/crypto/des_modes.pod
+++ b/src/lib/libssl/src/doc/crypto/des_modes.pod
@@ -248,7 +248,8 @@ it to:
 
 =head1 SEE ALSO
 
-L<blowfish(3)|blowfish(3)>
+L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>,
+L<rc2(3)|rc2(3)>
 
 =cut
 
diff --git a/src/lib/libssl/src/doc/crypto/dsa.pod b/src/lib/libssl/src/doc/crypto/dsa.pod
index ae2e5d81f9..da07d2b930 100644
--- a/src/lib/libssl/src/doc/crypto/dsa.pod
+++ b/src/lib/libssl/src/doc/crypto/dsa.pod
@@ -101,7 +101,8 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
+L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/src/lib/libssl/src/doc/crypto/hmac.pod b/src/lib/libssl/src/doc/crypto/hmac.pod
index 5e3921a0d8..d92138d273 100644
--- a/src/lib/libssl/src/doc/crypto/hmac.pod
+++ b/src/lib/libssl/src/doc/crypto/hmac.pod
@@ -90,7 +90,7 @@ RFC 2104
 
 =head1 SEE ALSO
 
-L<SHA1(3)|SHA1(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<sha(3)|sha(3)>, L<evp(3)|evp(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/mdc2.pod b/src/lib/libssl/src/doc/crypto/mdc2.pod
index 2fab9a9871..41f648af36 100644
--- a/src/lib/libssl/src/doc/crypto/mdc2.pod
+++ b/src/lib/libssl/src/doc/crypto/mdc2.pod
@@ -54,7 +54,7 @@ ISO/IEC 10118-2, with DES
 
 =head1 SEE ALSO
 
-L<SHA1(3)|SHA1(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<sha(3)|sha(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/pem.pod b/src/lib/libssl/src/doc/crypto/pem.pod
index d5b1896119..54414a3f6f 100644
--- a/src/lib/libssl/src/doc/crypto/pem.pod
+++ b/src/lib/libssl/src/doc/crypto/pem.pod
@@ -201,7 +201,7 @@ handle PKCS#8 format encrypted and unencrypted keys too.
 PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
 write a private key in an EVP_PKEY structure in PKCS#8
 EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
-algorithms. The B<cipher> argument specifies the encryption algoritm to
+algorithms. The B<cipher> argument specifies the encryption algorithm to
 use: unlike all other PEM routines the encryption is applied at the
 PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
 encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
diff --git a/src/lib/libssl/src/doc/crypto/ripemd.pod b/src/lib/libssl/src/doc/crypto/ripemd.pod
index 348ef7c961..264bb99ae7 100644
--- a/src/lib/libssl/src/doc/crypto/ripemd.pod
+++ b/src/lib/libssl/src/doc/crypto/ripemd.pod
@@ -56,7 +56,7 @@ ISO/IEC 10118-3 (draft) (??)
 
 =head1 SEE ALSO
 
-L<SHA1(3)|SHA1(3)>, L<HMAC(3)|HMAC(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<sha(3)|sha(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/crypto/sha.pod b/src/lib/libssl/src/doc/crypto/sha.pod
index d7a56accd3..94ab7bc724 100644
--- a/src/lib/libssl/src/doc/crypto/sha.pod
+++ b/src/lib/libssl/src/doc/crypto/sha.pod
@@ -60,7 +60,7 @@ ANSI X9.30
 
 =head1 SEE ALSO
 
-L<RIPEMD160(3)|RIPEMD160(3)>, L<HMAC(3)|HMAC(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
 
 =head1 HISTORY
 
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
index 04d0a3c9a8..bcf35dc85b 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,16 +66,16 @@ values:
 
 =over 4
 
-=item C<1>
-
-The operation succeeded.
-
 =item C<0>
 
 A failure while manipulating the STACK_OF(X509_NAME) object occurred or
 the X509_NAME could not be extracted from B<cacert>. Check the error stack
 to find out the reason.
 
+=item C<1>
+
+The operation succeeded.
+
 =back
 
 =head1 EXAMPLES
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index cc588f3a78..fded0601b5 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -88,9 +88,10 @@ As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
 
 ...
 
-=item SSL_OP_MSIE_SSLV2_RSA_PADDING
+=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
 
-As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
+OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
 
 =item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
 
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
index 81566839d3..6fd6c03215 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_verify.pod
@@ -169,8 +169,8 @@ that will always continue the TLS/SSL handshake regardless of verification
 failure, if wished. The callback realizes a verification depth limit with
 more informational output.
 
-All verification errors are printed, informations about the certificate chain
-are printed on request.
+All verification errors are printed; information about the certificate chain
+is printed on request.
 The example is realized for a server that does allow but not require client
 certificates.
 
diff --git a/src/lib/libssl/src/doc/ssl/SSL_accept.pod b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
index 17f504b89b..288203f8af 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_accept.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_accept.pod
@@ -44,18 +44,18 @@ The following return values can occur:
 
 =over 4
 
-=item C<1>
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
 =item C<0>
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
-=item C<E<lt>0>
+=item C<1>
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item E<lt>0
 
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
diff --git a/src/lib/libssl/src/doc/ssl/SSL_connect.pod b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
index 413af361e1..0087f6b3e1 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_connect.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_connect.pod
@@ -41,17 +41,17 @@ The following return values can occur:
 
 =over 4
 
-=item C<1>
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
 =item C<0>
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
+=item C<1>
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
 =item C<E<lt>0>
 
 The TLS/SSL handshake was not successful, because a fatal error occurred either
diff --git a/src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod b/src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod
index e9d4119c72..1ca18d4723 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_do_handshake.pod
@@ -45,17 +45,17 @@ The following return values can occur:
 
 =over 4
 
-=item C<1>
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
 =item C<0>
 
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 
+=item C<1>
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
 =item C<E<lt>0>
 
 The TLS/SSL handshake was not successful because a fatal error occurred either
diff --git a/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
index 011a022a12..fe013085d3 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_set_shutdown.pod
@@ -24,7 +24,7 @@ The shutdown state of an ssl connection is a bitmask of:
 
 =over 4
 
-=item 0
+=item Z<>0
 
 No shutdown setting, yet.
 
diff --git a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
index 69ad31e80b..d86ac7cb13 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_shutdown.pod
@@ -92,11 +92,6 @@ The following return values can occur:
 
 =over 4
 
-=item C<1>
-
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
-
 =item C<0>
 
 The shutdown is not yet finished. Call SSL_shutdown() for a second time,
@@ -104,6 +99,11 @@ if a bidirectional shutdown shall be performed.
 The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
 erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
 
+=item C<1>
+
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
+
 =item C<-1>
 
 The shutdown was not successful because a fatal error occurred either
diff --git a/src/lib/libssl/src/doc/ssl/ssl.pod b/src/lib/libssl/src/doc/ssl/ssl.pod
index 88aaebf3f6..6d3ee24e4e 100644
--- a/src/lib/libssl/src/doc/ssl/ssl.pod
+++ b/src/lib/libssl/src/doc/ssl/ssl.pod
@@ -3,7 +3,7 @@
 
 =head1 NAME
 
-ssl - OpenSSL SSL/TLS library
+SSL - OpenSSL SSL/TLS library
 
 =head1 SYNOPSIS
 
diff --git a/src/lib/libssl/src/e_os.h b/src/lib/libssl/src/e_os.h
index 79c1392573..6a0aad1de7 100644
--- a/src/lib/libssl/src/e_os.h
+++ b/src/lib/libssl/src/e_os.h
@@ -368,6 +368,13 @@ static unsigned int _strlen31(const char *str)
 #    define DEFAULT_HOME  "C:"
 #  endif
 
+/* Avoid Windows 8 SDK GetVersion deprecated problems */
+#if defined(_MSC_VER) && _MSC_VER>=1800
+#  define check_winnt() (1)
+#else
+#  define check_winnt() (GetVersion() < 0x80000000)
+#endif 
+
 #else /* The non-microsoft world */
 
 #  ifdef OPENSSL_SYS_VMS
diff --git a/src/lib/libssl/src/engines/e_capi.c b/src/lib/libssl/src/engines/e_capi.c
index bfedde0eb0..c1085b56cd 100644
--- a/src/lib/libssl/src/engines/e_capi.c
+++ b/src/lib/libssl/src/engines/e_capi.c
@@ -1432,10 +1432,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
 static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
         {
         CAPI_KEY *key;
+    DWORD dwFlags = 0; 
         key = OPENSSL_malloc(sizeof(CAPI_KEY));
         CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
                                                 contname, provname, ptype);
-        if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
+    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+        dwFlags = CRYPT_MACHINE_KEYSET;
+    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) 
                 {
                 CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                 capi_addlasterror();
diff --git a/src/lib/libssl/src/engines/makeengines.com b/src/lib/libssl/src/engines/makeengines.com
deleted file mode 100644
index 6329fbbf03..0000000000
--- a/src/lib/libssl/src/engines/makeengines.com
+++ /dev/null
@@ -1,1125 +0,0 @@
-$!
-$!  MAKEENGINES.COM
-$!  Written By:  Richard Levitte
-$!               richard@levitte.org
-$!
-$!  This command file compiles and creates the various engines in form
-$!  of shared images.  They are placed in [.xxx.EXE.ENGINES], where "xxx"
-$!  is ALPHA, IA64 or VAX, depending on your hardware.
-$!
-$!  P1  if this is ENGINES or ALL, the engines will build, otherwise not.
-$!
-$!  P2  DEBUG or NODEBUG to compile with or without debugger information.
-$!
-$!  P3  VAXC            for VAX C
-$!      DECC            for DEC C
-$!      GNUC            for GNU C (untested)
-$!
-$!  P4  if defined, sets the TCP/IP libraries to use.  UCX or TCPIP is
-$!      used by default since most other implementations come with a
-$!      compatibility library.  The value must be one of the following:
-$!
-$!      UCX             for UCX
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
-$!      TCPIP           for TCPIP (post UCX)
-$!
-$!  P5  if defined, tells the compiler not to use special threads.
-$!
-$!  P6  if defined, denotes which engines to build.  If not defined,
-$!      all available engines are built.
-$!
-$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""      Compile with default (/NOPOINTER_SIZE)
-$!      32      Compile with /POINTER_SIZE=32 (SHORT)
-$!      64      Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!-----------------------------------------------------------------------------
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on control_c then goto exit
-$!
-$! Set the default TCP/IP library to link against if needed
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check What Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX.
-$!
-$   ARCH = "VAX"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Set the names of the engines we want to build
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the LIBNAMES variable in Makefile as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$! NOTE: gmp isn't built, as it's mostly a test engine and brings in another
-$! library that isn't necessarely ported to VMS.
-$!
-$ ENGINES = "," + P6
-$ IF ENGINES .EQS. "," THEN -
-        ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock,"
-$!
-$! GOST requires a 64-bit integer type, unavailable on VAX.
-$!
-$ IF (ARCH .NES. "VAX") THEN -
-       ENGINES = ENGINES+ ",ccgost"
-$!
-$! Check options.
-$!
-$ OPT_PHASE = P1
-$ ACCEPT_PHASE = "ALL,ENGINES"
-$ OPT_DEBUG = P2
-$ OPT_COMPILER = P3
-$ OPT_TCPIP_LIB = P4
-$ OPT_SPECIAL_THREADS = P5
-$ OPT_POINTER_SIZE = P7
-$ ZLIB = P8
-$
-$ GOSUB CHECK_OPTIONS
-$!
-$! Set the goal directories, and create them if necessary
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.ENGINES]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.ENGINES]
-$ IF F$PARSE(OBJ_DIR) .EQS. "" THEN CREATE/DIRECTORY 'OBJ_DIR'
-$ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! Set the goal files, and create them if necessary
-$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
-$ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise.
-$!
-$ GOSUB INITIALISE
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Define what goes into each engine.  VAX includes a transfer vector.
-$!
-$ ENGINE_ = ""
-$ TV_OBJ = ""
-$ IF ARCH .EQS. "VAX"
-$ THEN
-$   ENGINE_ = "engine_vector.mar"
-$   TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ"
-$   TV_OBJ = ",''TV_OBJ_NAME'"
-$ ENDIF
-$ ENGINE_4758CCA = "e_4758cca"
-$ ENGINE_aep = "e_aep"
-$ ENGINE_atalla = "e_atalla"
-$ ENGINE_cswift = "e_cswift"
-$ ENGINE_chil = "e_chil"
-$ ENGINE_nuron = "e_nuron"
-$ ENGINE_sureware = "e_sureware"
-$ ENGINE_ubsec = "e_ubsec"
-$ ENGINE_padlock = "e_padlock"
-$
-$ ENGINE_ccgost_SUBDIR = "ccgost"
-$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ -
-                  "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ -
-                  "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ -
-                  "gost_sign"
-$!
-$! Define which programs need to be linked with a TCP/IP library
-$!
-$ TCPIP_ENGINES = ",,"
-$ IF COMPILER .EQS. "VAXC" THEN -
-     TCPIP_ENGINES = ",,"
-$!
-$! Set up two loops, one that keeps track of the engines,
-$! and one that keeps track of all the files going into
-$! the current engine.
-$!
-$! Here's the start of the engine loop.
-$!
-$ ENGINE_COUNTER = 0
-$ ENGINE_NEXT:
-$!
-$! Extract the current engine name, and if we've reached the end, stop
-$!
-$ ENGINE_NAME = F$ELEMENT(ENGINE_COUNTER,",",ENGINES)
-$ IF (ENGINE_NAME.EQS.",") THEN GOTO ENGINE_DONE
-$!
-$ ENGINE_COUNTER = ENGINE_COUNTER + 1
-$!
-$! Set up the engine library names.
-$!
-$ LIB_ENGINE = "ENGINE_" + ENGINE_NAME
-$!
-$! Check if the library module name actually is defined
-$!
-$ IF F$TYPE('LIB_ENGINE') .EQS. ""
-$ THEN
-$   WRITE SYS$ERROR ""
-$   WRITE SYS$ERROR "The module ",ENGINE_NAME," does not exist.  Continuing..."
-$   WRITE SYS$ERROR ""
-$   GOTO ENGINE_NEXT
-$ ENDIF
-$!
-$! Talk to the user
-$!
-$ IF ENGINE_NAME .NES. ""
-$ THEN
-$   WRITE SYS$OUTPUT "Compiling The ",ENGINE_NAME," Library Files. (",BUILDALL,")"
-$ ELSE
-$   WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")"
-$ ENDIF
-$!
-$! Create a .OPT file for the object files (for a real engine name).
-$!
-$ IF ENGINE_NAME .NES. ""
-$ THEN
-$   OPEN /WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
-$ ENDIF
-$!
-$! Here's the start of per-engine module loop.
-$!
-$ FILE_COUNTER = 0
-$ FILE_NEXT:
-$!
-$! Extract the file name from the file list, and if we've reached the end, stop
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_ENGINE')
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$ IF FILE_NAME .EQS. "" THEN GOTO FILE_NEXT
-$!
-$! Set up the source and object reference
-$!
-$ IF F$TYPE('LIB_ENGINE'_SUBDIR) .EQS. ""
-$ THEN
-$     SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[].C",,,"SYNTAX_ONLY")
-$ ELSE
-$     SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[."+'LIB_ENGINE'_SUBDIR+"].C",,,"SYNTAX_ONLY")
-$ ENDIF
-$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
-$!
-$! If we get some problem, we just go on trying to build the next module.
-$ ON WARNING THEN GOTO FILE_NEXT
-$!
-$! Check if the module we want to compile is actually there.
-$!
-$ IF F$SEARCH(SOURCE_FILE) .EQS. ""
-$ THEN
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
-$   WRITE SYS$OUTPUT ""
-$   GOTO EXIT
-$ ENDIF
-$!
-$! Talk to the user.
-$!
-$ WRITE SYS$OUTPUT "    ",FILE_NAME,""
-$!
-$! Do the dirty work.
-$!
-$ ON ERROR THEN GOTO FILE_NEXT
-$ IF F$EDIT(F$PARSE(SOURCE_FILE,,,"TYPE","SYNTAX_ONLY"),"UPCASE") .EQS. ".MAR"
-$ THEN
-$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ELSE
-$   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ENDIF
-$!
-$! Write the entry to the .OPT file (for a real engine name).
-$!
-$ IF ENGINE_NAME .NES. ""
-$ THEN
-$   WRITE OBJECTS OBJECT_FILE
-$ ENDIF
-$!
-$! Next file
-$!
-$ GOTO FILE_NEXT
-$!
-$ FILE_DONE:
-$!
-$! Do not link the support files.
-$!
-$ IF ENGINE_NAME .EQS. "" THEN GOTO ENGINE_NEXT
-$!
-$! Close the linker options file (for a real engine name).
-$!
-$ CLOSE OBJECTS
-$!
-$! Now, there are two ways to handle this.  We can either build 
-$! shareable images or stick the engine object file into libcrypto.
-$! For now, the latter is NOT supported.
-$!
-$!!!!! LIBRARY/REPLACE 'CRYPTO_LIB' 'OBJECT_FILE'
-$!
-$! For shareable libraries, we need to do things a little differently
-$! depending on if we link with a TCP/IP library or not.
-$!
-$ ENGINE_OPT := SYS$DISK:[]'ARCH'.OPT
-$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
-   'EXE_DIR''ENGINE_NAME'.OPT /OPTIONS -
-   'TV_OBJ', -
-   'CRYPTO_LIB' /LIBRARY, -
-   'ENGINE_OPT' /OPTIONS -
-   'TCPIP_LIB' -
-   'ZLIB_LIB' -
-   ,'OPT_FILE' /OPTIONS
-$!
-$! Next engine
-$!
-$ GOTO ENGINE_NEXT
-$!
-$ ENGINE_DONE:
-$!
-$! Talk to the user
-$!
-$ WRITE SYS$OUTPUT "All Done..."
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If OPT_PHASE Is Blank.
-$!
-$ IF (OPT_PHASE.EQS."ALL")
-$ THEN
-$!
-$!   OPT_PHASE Is Blank, So Build Everything.
-$!
-$    BUILDALL = "ALL"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If OPT_PHASE Has A Valid Argument.
-$!
-$   IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") -
-       .NES. ("," + ACCEPT_PHASE + ",")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = OPT_PHASE
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The option ",OPT_PHASE," is invalid.  The valid options are:"
-$     WRITE SYS$OUTPUT ""
-$     IF ("," + ACCEPT_PHASE + ",") - ",ALL," -
-        .NES. ("," + ACCEPT_PHASE + ",") THEN -
-        WRITE SYS$OUTPUT "    ALL      :  just build everything."
-$     IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," -
-        .NES. ("," + ACCEPT_PHASE + ",") THEN -
-        WRITE SYS$OUTPUT "    ENGINES  :  to compile just the [.xxx.EXE.ENGINES]*.EXE hareable images."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " where 'xxx' stands for:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha architecture."
-$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The OPT_PHASE Check.
-$!
-$ ENDIF
-$!
-$! Check To See If OPT_DEBUG Is Blank.
-$!
-$ IF (OPT_DEBUG.EQS."NODEBUG")
-$ THEN
-$!
-$!  OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information.
-$!
-$   DEBUGGER = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   MACRO_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (OPT_DEBUG.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     MACRO_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$   ELSE 
-$!
-$!    They Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",OPT_DEBUG," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The OPT_DEBUG Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For OPT_SPECIAL_THREADS.
-$!
-$ IF (OPT_SPECIAL_THREADS.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The OPT_SPECIAL_THREADS Check.
-$!
-$ ENDIF
-$!
-$! Check OPT_POINTER_SIZE (P7).
-$!
-$ IF (OPT_POINTER_SIZE .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (OPT_POINTER_SIZE .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( OPT_POINTER_SIZE, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       POINTER_SIZE = " /POINTER_SIZE=64"
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", OPT_POINTER_SIZE, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"       :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32       :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The OPT_POINTER_SIZE Check.
-$!
-$ ENDIF
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS]"
-$!
-$! Check To See If OPT_COMPILER Is Blank.
-$!
-$ IF (OPT_COMPILER.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     OPT_COMPILER = "GNUC"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       OPT_COMPILER = "DECC"
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       OPT_COMPILER = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For OPT_TCPIP_LIB.
-$!
-$ IF (OPT_TCPIP_LIB.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     OPT_TCPIP_LIB = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       OPT_TCPIP_LIB = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''OPT_TCPIP_LIB',DSO_VMS"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The ZLIB Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (OPT_COMPILER.EQS."VAXC").OR.(OPT_COMPILER.EQS."DECC").OR.(OPT_COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$   IF (OPT_COMPILER.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES') " + -
-       CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (OPT_COMPILER.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + -
-           CCEXTRAFLAGS
-$     CCDEFS = """VAXC""," + CCDEFS
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (OPT_COMPILER.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + -
-           CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .NES. ""
-$     THEN
-$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$   ENDIF
-$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",OPT_COMPILER," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$! End The Valid Argument Check.
-$!
-$ ENDIF
-$!
-$! Build a MACRO command for the architecture at hand
-$!
-$ IF ARCH .EQS. "VAX"
-$ THEN
-$   MACRO = "MACRO/''DEBUGGER'"
-$ ELSE
-$   MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
-$ ENDIF
-$!
-$!  Show user the result
-$!
-$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF OPT_TCPIP_LIB.EQS."SOCKETSHR" .OR. OPT_TCPIP_LIB.EQS."MULTINET" -
-     .OR. OPT_TCPIP_LIB.EQS."UCX" .OR. OPT_TCPIP_LIB.EQS."TCPIP" -
-     .OR. OPT_TCPIP_LIB.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF OPT_TCPIP_LIB.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF OPT_TCPIP_LIB.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     OPT_TCPIP_LIB = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF OPT_TCPIP_LIB.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF OPT_TCPIP_LIB.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF OPT_TCPIP_LIB.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",OPT_TCPIP_LIB," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "ENGINES]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL /NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the saved logical name OPENSSL, if it had a value.
-$!
-$ if (f$type( __SAVE_OPENSSL) .nes. "")
-$ then
-$   IF __SAVE_OPENSSL .EQS. ""
-$   THEN
-$     DEASSIGN OPENSSL
-$   ELSE
-$     DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
-$   ENDIF
-$ endif
-$!
-$! Close any open files.
-$!
-$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
-   close objects
-$!
-$! Done
-$!
-$ RETURN
-$!
diff --git a/src/lib/libssl/src/engines/vendor_defns/hwcryptohook.h b/src/lib/libssl/src/engines/vendor_defns/hwcryptohook.h
index e62d1fb066..3e8dc7e2eb 100644
--- a/src/lib/libssl/src/engines/vendor_defns/hwcryptohook.h
+++ b/src/lib/libssl/src/engines/vendor_defns/hwcryptohook.h
@@ -65,7 +65,7 @@
  * please contact nCipher.
  *
  *
- * $Id: hwcryptohook.h,v 1.2 2010/10/01 22:58:58 djm Exp $
+ * $Id: hwcryptohook.h,v 1.3 2014/04/13 15:25:34 miod Exp $
  */
 
 #ifndef HWCRYPTOHOOK_H
diff --git a/src/lib/libssl/src/install.com b/src/lib/libssl/src/install.com
deleted file mode 100644
index 6a0ea2d4de..0000000000
--- a/src/lib/libssl/src/install.com
+++ /dev/null
@@ -1,136 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1  root of the directory tree
-$! P2  "64" for 64-bit pointers.
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ def_orig = f$environment( "default")
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if (p1 .eqs. "")
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "It should be the directory where you want things installed."
-$   exit
-$ endif
-$!
-$ if (f$getsyi("cpu") .lt. 128)
-$ then
-$   arch = "VAX"
-$ else
-$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$   if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$!
-$ if (p2 .nes. "")
-$ then
-$   if (p2 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$   else
-$     if (p2 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
-$ root_dev = f$parse( root, , , "device", "syntax_only")
-$ root_dir = f$parse( root, , , "directory", "syntax_only") -
-                   - ".][000000" - "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$!
-$ define /nolog wrk_sslroot 'root'.] /trans=conc
-$ define /nolog wrk_sslcerts wrk_sslroot:[certs]
-$ define /nolog wrk_sslinclude wrk_sslroot:[include]
-$ define /nolog wrk_ssllib wrk_sslroot:[lib]
-$ define /nolog wrk_sslprivate wrk_sslroot:[private]
-$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
-$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
-$!
-$! Exhibit the destination directory.
-$!
-$ write sys$output "   Installing to (WRK_SSLROOT) ="
-$ write sys$output "    ''f$trnlnm( "wrk_sslroot")'"
-$ write sys$output ""
-$!
-$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse("wrk_sslxexe:") .eqs. "" then -
-   create /directory /log wrk_sslxexe:
-$ if f$parse("wrk_sslxlib:") .eqs. "" then -
-   create /directory /log wrk_sslxlib:
-$ if f$parse("wrk_ssllib:") .eqs. "" then -
-   create /directory /log wrk_ssllib:
-$ if f$parse("wrk_sslinclude:") .eqs. "" then -
-   create /directory /log wrk_sslinclude:
-$ if f$parse("wrk_sslcerts:") .eqs. "" then -
-   create /directory /log wrk_sslcerts:
-$ if f$parse("wrk_sslprivate:") .eqs. "" then -
-   create /directory /log wrk_sslprivate:
-$ if f$parse("wrk_sslroot:[VMS]") .EQS. "" THEN -
-   create /directory /log wrk_sslroot:[VMS]
-$!
-$ sdirs := CRYPTO, SSL, APPS, VMS !!!, RSAREF, TEST, TOOLS
-$ exheader := e_os2.h
-$!
-$ copy /protection = w:re 'exheader' wrk_sslinclude: /log
-$!
-$ i = 0
-$ loop_sdirs: 
-$   d = f$edit( f$element(i, ",", sdirs), "trim")
-$   i = i + 1
-$   if d .eqs. "," then goto loop_sdirs_end
-$   write sys$output "Installing ", d, " files."
-$   set default [.'d']
-$   @ install-'d'.com 'root'] 'p2'
-$   set default 'def_orig'
-$ goto loop_sdirs
-$ loop_sdirs_end:
-$!
-$ write sys$output ""
-$ write sys$output "    Installation done!"
-$ write sys$output ""
-$ if (f$search( root+ "...]*.*;-1") .nes. "")
-$ then
-$   write sys$output "  You might want to purge ", root, "...]"
-$   write sys$output ""
-$ endif
-$!
-$ tidy:
-$!
-$ set default 'def_orig'
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslcerts
-$ call deass wrk_sslinclude
-$ call deass wrk_ssllib
-$ call deass wrk_sslprivate
-$ call deass wrk_sslxexe
-$ call deass wrk_sslxlib
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libssl/src/makevms.com b/src/lib/libssl/src/makevms.com
deleted file mode 100644
index de1dbd9058..0000000000
--- a/src/lib/libssl/src/makevms.com
+++ /dev/null
@@ -1,1543 +0,0 @@
-$!
-$! MAKEVMS.COM
-$! Original Author:  UNKNOWN
-$! Rewritten By:  Robert Byer
-$!                Vice-President
-$!                A-Com Computing, Inc.
-$!                byer@mail.all-net.net
-$!
-$! Changes by Richard Levitte <richard@levitte.org>
-$!            Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! This procedure creates the SSL libraries of "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB"
-$! "[.xxx.EXE.SSL]LIBSSL.OLB"
-$! The "xxx" denotes the machine architecture of ALPHA, IA64 or VAX.
-$!
-$! This procedures accepts two command line options listed below.
-$!
-$! P1 specifies one of the following build options:
-$!
-$!      ALL       Just build "everything".
-$!      CONFIG    Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file.
-$!      BUILDINF  Just build the "[.CRYPTO._xxx]BUILDINF.H" file.
-$!      SOFTLINKS Just fix the Unix soft links.
-$!      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
-$!      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
-$!      CRYPTO/x  Just build the x part of the
-$!                "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
-$!      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
-$!      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
-$!      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
-$!      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
-$!      ENGINES   Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL.
-$!
-$! P2, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE).
-$!      32       Compile with /POINTER_SIZE=32 (SHORT).
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$! P3 specifies DEBUG or NODEBUG, to compile with or without debugging
-$!    information.
-$!
-$! P4 specifies which compiler to try to compile under.
-$!
-$!        VAXC   For VAX C.
-$!        DECC   For DEC C.
-$!        GNUC   For GNU C.
-$!        LINK   To only link the programs from existing object files.
-$!               (not yet implemented)
-$!
-$! If you don't specify a compiler, it will try to determine which
-$! "C" compiler to use.
-$!
-$! P5, if defined, sets a TCP/IP library to use, through one of the following
-$! keywords:
-$!
-$!      UCX             for UCX or UCX emulation
-$!      TCPIP           for TCP/IP Services or TCP/IP Services emulation
-$!                      (this is prefered over UCX)
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
-$!      NONE            to avoid specifying which TCP/IP implementation to
-$!                      use at build time (this works with DEC C).  This is
-$!                      the default.
-$!
-$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up).
-$!
-$! P7, if defined, specifies a directory where ZLIB files (zlib.h,
-$! libz.olb) may be found.  Optionally, a non-default object library
-$! name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ DEF_ORIG = F$ENVIRONMENT( "DEFAULT")
-$ ON ERROR THEN GOTO TIDY
-$ ON CONTROL_C THEN GOTO TIDY
-$!
-$! Check if we're in a batch job, and make sure we get to 
-$! the directory this script is in
-$!
-$ IF F$MODE() .EQS. "BATCH"
-$ THEN
-$   COMNAME=F$ENVIRONMENT("PROCEDURE")
-$   COMPATH=F$PARSE("A.;",COMNAME) - "A.;"
-$   SET DEF 'COMPATH'
-$ ENDIF
-$!
-$! Check What Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX.
-$!
-$   ARCH = "VAX"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ POINTER_SIZE = ""
-$!
-$! Get VMS version.
-$!
-$ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM")
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Check To See What We Are To Do.
-$!
-$ IF (BUILDCOMMAND.EQS."ALL")
-$ THEN
-$!
-$!  Start with building the OpenSSL configuration file.
-$!
-$   GOSUB CONFIG
-$!
-$!  Create The "BUILDINF.H" Include File.
-$!
-$   GOSUB BUILDINF
-$!
-$!  Fix The Unix Softlinks.
-$!
-$   GOSUB SOFTLINKS
-$!
-$ ENDIF
-$!
-$ IF (BUILDCOMMAND.EQS."ALL".OR.BUILDCOMMAND.EQS."BUILDALL")
-$ THEN
-$!
-$!  Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!
-$   GOSUB CRYPTO
-$!
-$!  Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
-$!
-$   GOSUB SSL
-$!
-$!  Build The [.xxx.EXE.SSL]SSL_TASK.EXE DECNet SSL Engine.
-$!
-$   GOSUB SSL_TASK
-$!
-$!  Build The [.xxx.EXE.TEST] OpenSSL Test Utilities.
-$!
-$   GOSUB TEST
-$!
-$!  Build The [.xxx.EXE.APPS] OpenSSL Application Utilities.
-$!
-$   GOSUB APPS
-$!
-$!  Build The [.xxx.EXE.ENGINES] OpenSSL Shareable Engines.
-$!
-$   GOSUB ENGINES
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!    Build Just What The User Wants Us To Build.
-$!
-$     GOSUB 'BUILDCOMMAND'
-$!
-$ ENDIF
-$!
-$! Time To EXIT.
-$!
-$ GOTO TIDY
-$!
-$! Rebuild The [.CRYPTO._xxx]OPENSSLCONF.H" file.
-$!
-$ CONFIG:
-$!
-$! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File.
-$!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']OPENSSLCONF.H Include File."
-$!
-$! First, make sure the directory exists.
-$!
-$ IF F$PARSE("SYS$DISK:[.CRYPTO.''ARCHD']") .EQS. "" THEN -
-     CREATE/DIRECTORY SYS$DISK:[.CRYPTO.'ARCHD']
-$!
-$! Different tar/UnZip versions/option may have named the file differently
-$ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. ""
-$ THEN
-$   OPENSSLCONF_H_IN = "[.crypto]opensslconf.h_in"
-$ ELSE
-$   IF F$SEARCH( "[.crypto]opensslconf_h.in") .NES. ""
-$   THEN
-$     OPENSSLCONF_H_IN = "[.crypto]opensslconf_h.in"
-$   ELSE
-$     ! For ODS-5
-$     IF F$SEARCH( "[.crypto]opensslconf.h.in") .NES. ""
-$     THEN
-$       OPENSSLCONF_H_IN = "[.crypto]opensslconf.h.in"
-$     ELSE
-$       WRITE SYS$ERROR "Couldn't find a [.crypto]opensslconf.h.in.  Exiting!"
-$       $STATUS = %X00018294 ! "%RMS-F-FNF, file not found".
-$       GOTO TIDY
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Create The [.CRYPTO._xxx]OPENSSLCONF.H File.
-$! Make sure it has the right format.
-$!
-$ OSCH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']OPENSSLCONF.H"
-$ CREATE /FDL=SYS$INPUT: 'OSCH_NAME'
-RECORD
-        FORMAT stream_lf
-$ OPEN /APPEND H_FILE 'OSCH_NAME'
-$!
-$! Write The [.CRYPTO._xxx]OPENSSLCONF.H File.
-$!
-$ WRITE H_FILE "/* This file was automatically built using makevms.com */"
-$ WRITE H_FILE "/* and ''OPENSSLCONF_H_IN' */"
-$!
-$! Write a few macros that indicate how this system was built.
-$!
-$ WRITE H_FILE ""
-$ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"
-$ WRITE H_FILE "# define OPENSSL_SYS_VMS"
-$ WRITE H_FILE "#endif"
-$
-$! One of the best way to figure out what the list should be is to do
-$! the following on a Unix system:
-$!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
-$! For that reason, the list will also always end up in alphabetical order
-$ CONFIG_LOGICALS := AES,-
-                     ASM,INLINE_ASM,-
-                     BF,-
-                     BIO,-
-                     BUFFER,-
-                     BUF_FREELISTS,-
-                     CAMELLIA,-
-                     CAST,-
-                     CMS,-
-                     COMP,-
-                     DEPRECATED,-
-                     DES,-
-                     DGRAM,-
-                     DH,-
-                     DSA,-
-                     EC,-
-                     EC2M,-
-                     ECDH,-
-                     ECDSA,-
-                     EC_NISTP_64_GCC_128,-
-                     ENGINE,-
-                     ERR,-
-                     EVP,-
-                     FP_API,-
-                     GMP,-
-                     GOST,-
-                     HASH_COMP,-
-                     HMAC,-
-                     IDEA,-
-                     JPAKE,-
-                     KRB5,-
-                     LHASH,-
-                     MD2,-
-                     MD4,-
-                     MD5,-
-                     MDC2,-
-                     OCSP,-
-                     PSK,-
-                     RC2,-
-                     RC4,-
-                     RC5,-
-                     RFC3779,-
-                     RIPEMD,-
-                     RSA,-
-                     SEED,-
-                     SHA,-
-                     SHA0,-
-                     SHA1,-
-                     SHA256,-
-                     SHA512,-
-                     SOCK,-
-                     SRP,-
-                     SSL2,-
-                     SSL_INTERN,-
-                     STACK,-
-                     STATIC_ENGINE,-
-                     STDIO,-
-                     STORE,-
-                     TLSEXT,-
-                     WHIRLPOOL,-
-                     X509
-$! Add a few that we know about
-$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',-
-                     THREADS
-$! The following rules, which dictate how some algorithm choices affect
-$! others, are picked from Configure.
-$! Quick syntax:
-$!  list = item[ ; list]
-$!  item = algos / dependents
-$!  algos = algo [, algos]
-$!  dependents = dependent [, dependents]
-$! When a list of algos is specified in one item, it means that they must
-$! all be disabled for the rule to apply.
-$! When a list of dependents is specified in one item, it means that they
-$! will all be disabled if the rule applies.
-$! Rules are checked sequentially.  If a rule disables an algorithm, it will
-$! affect all following rules that depend on that algorithm being disabled.
-$! To force something to be enabled or disabled, have no algorithms in the
-$! algos part.
-$ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
-                          DES/MDC2;-
-                          EC/ECDSA,ECDH;-
-                          MD5/SSL2,SSL3,TLS1;-
-                          SHA/SSL3,TLS1;-
-                          RSA/SSL2;-
-                          RSA,DSA/SSL2;-
-                          DH/SSL3,TLS1;-
-                          TLS1/TLSEXT;-
-                          EC/GOST;-
-                          DSA/GOST;-
-                          DH/GOST;-
-                          /STATIC_ENGINE;-
-                          /KRB5;-
-                          /EC_NISTP_64_GCC_128
-$ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;-
-                         /THREADS
-$
-$! Architecture specific rule addtions
-$ IF ARCH .EQS. "VAX"
-$ THEN
-$   ! Disable algorithms that require 64-bit integers in C
-$   CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + -
-                           ";/GOST" + -
-                           ";/WHIRLPOOL"
-$ ENDIF
-$
-$ CONFIG_LOG_I = 0
-$ CONFIG_LOG_LOOP1:
-$   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
-$   CONFIG_LOG_I = CONFIG_LOG_I + 1
-$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1
-$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP1_END
-$   IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E)
-$   THEN
-$       CONFIG_DISABLED_'CONFIG_LOG_E' := YES
-$       CONFIG_ENABLED_'CONFIG_LOG_E' := NO
-$       CONFIG_CHANGED_'CONFIG_LOG_E' := YES
-$   ELSE
-$       CONFIG_DISABLED_'CONFIG_LOG_E' := NO
-$       CONFIG_ENABLED_'CONFIG_LOG_E' := YES
-$       ! Because all algorithms are assumed enabled by default
-$       CONFIG_CHANGED_'CONFIG_LOG_E' := NO
-$   ENDIF
-$   GOTO CONFIG_LOG_LOOP1
-$ CONFIG_LOG_LOOP1_END:
-$
-$! Apply cascading disable rules
-$ CONFIG_DISABLE_I = 0
-$ CONFIG_DISABLE_LOOP0:
-$   CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";", -
-     CONFIG_DISABLE_RULES),"TRIM")
-$   CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1
-$   IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0
-$   IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END
-$
-$   CONFIG_DISABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_DISABLE_E),"TRIM")
-$   CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM")
-$   TO_DISABLE := YES
-$   CONFIG_ALGO_I = 0
-$   CONFIG_DISABLE_LOOP1:
-$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", -
-       CONFIG_DISABLE_ALGOS),"TRIM")
-$     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
-$     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1
-$     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END
-$     IF F$TYPE(CONFIG_DISABLED_'CONFIG_ALGO_E') .EQS. ""
-$     THEN
-$       TO_DISABLE := NO
-$     ELSE
-$       IF .NOT. CONFIG_DISABLED_'CONFIG_ALGO_E' THEN TO_DISABLE := NO
-$     ENDIF
-$     GOTO CONFIG_DISABLE_LOOP1
-$   CONFIG_DISABLE_LOOP1_END:
-$
-$   IF TO_DISABLE
-$   THEN
-$     CONFIG_DEPENDENT_I = 0
-$     CONFIG_DISABLE_LOOP2:
-$       CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", -
-         CONFIG_DISABLE_DEPENDENTS),"TRIM")
-$       CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
-$       IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2
-$       IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END
-$       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES
-$       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO
-$       ! Better not to assume defaults at this point...
-$       CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
-$       WRITE SYS$ERROR -
-         "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
-$       GOTO CONFIG_DISABLE_LOOP2
-$     CONFIG_DISABLE_LOOP2_END:
-$   ENDIF
-$   GOTO CONFIG_DISABLE_LOOP0
-$ CONFIG_DISABLE_LOOP0_END:
-$       
-$! Apply cascading enable rules
-$ CONFIG_ENABLE_I = 0
-$ CONFIG_ENABLE_LOOP0:
-$   CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";", -
-     CONFIG_ENABLE_RULES),"TRIM")
-$   CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1
-$   IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0
-$   IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END
-$
-$   CONFIG_ENABLE_ALGOS = F$EDIT(F$ELEMENT(0,"/",CONFIG_ENABLE_E),"TRIM")
-$   CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM")
-$   TO_ENABLE := YES
-$   CONFIG_ALGO_I = 0
-$   CONFIG_ENABLE_LOOP1:
-$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", -
-       CONFIG_ENABLE_ALGOS),"TRIM")
-$     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
-$     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1
-$     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END
-$     IF F$TYPE(CONFIG_ENABLED_'CONFIG_ALGO_E') .EQS. ""
-$     THEN
-$       TO_ENABLE := NO
-$     ELSE
-$       IF .NOT. CONFIG_ENABLED_'CONFIG_ALGO_E' THEN TO_ENABLE := NO
-$     ENDIF
-$     GOTO CONFIG_ENABLE_LOOP1
-$   CONFIG_ENABLE_LOOP1_END:
-$
-$   IF TO_ENABLE
-$   THEN
-$     CONFIG_DEPENDENT_I = 0
-$     CONFIG_ENABLE_LOOP2:
-$       CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", -
-         CONFIG_ENABLE_DEPENDENTS),"TRIM")
-$       CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
-$       IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2
-$       IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END
-$       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO
-$       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES
-$       ! Better not to assume defaults at this point...
-$       CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
-$       WRITE SYS$ERROR -
-         "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
-$       GOTO CONFIG_ENABLE_LOOP2
-$     CONFIG_ENABLE_LOOP2_END:
-$   ENDIF
-$   GOTO CONFIG_ENABLE_LOOP0
-$ CONFIG_ENABLE_LOOP0_END:
-$
-$! Write to the configuration
-$ CONFIG_LOG_I = 0
-$ CONFIG_LOG_LOOP2:
-$   CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM")
-$   CONFIG_LOG_I = CONFIG_LOG_I + 1
-$   IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2
-$   IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END
-$   IF CONFIG_CHANGED_'CONFIG_LOG_E'
-$   THEN
-$     IF CONFIG_DISABLED_'CONFIG_LOG_E'
-$     THEN
-$       WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E
-$       WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E
-$       WRITE H_FILE "#endif"
-$     ELSE
-$       WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E
-$       WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E
-$       WRITE H_FILE "#endif"
-$     ENDIF
-$   ENDIF
-$   GOTO CONFIG_LOG_LOOP2
-$ CONFIG_LOG_LOOP2_END:
-$!
-$ WRITE H_FILE ""
-$ WRITE H_FILE "/* 2011-02-23 SMS."
-$ WRITE H_FILE " * On VMS (V8.3), setvbuf() doesn't support a 64-bit"
-$ WRITE H_FILE " * ""in"" pointer, and the help says:"
-$ WRITE H_FILE " *       Please note that the previously documented"
-$ WRITE H_FILE " *       value _IONBF is not supported."
-$ WRITE H_FILE " * So, skip it on VMS."
-$ WRITE H_FILE " */"
-$ WRITE H_FILE "#define OPENSSL_NO_SETVBUF_IONBF"
-$ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 "
-$ WRITE H_FILE " * enable on newer systems / 2012-02-24 arpadffy */"
-$ WRITE H_FILE "#define OPENSSL_NO_SCTP"
-$ WRITE H_FILE ""
-$!
-$! Add in the common "crypto/opensslconf.h.in".
-$!
-$ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE:
-$!
-$ IF ARCH .NES. "VAX"
-$ THEN
-$!
-$!  Write the non-VAX specific data
-$!
-$   WRITE H_FILE "#if defined(HEADER_RC4_H)"
-$   WRITE H_FILE "#undef RC4_INT"
-$   WRITE H_FILE "#define RC4_INT unsigned int"
-$   WRITE H_FILE "#undef RC4_CHUNK"
-$   WRITE H_FILE "#define RC4_CHUNK unsigned long long"
-$   WRITE H_FILE "#endif"
-$!
-$   WRITE H_FILE "#if defined(HEADER_DES_LOCL_H)"
-$   WRITE H_FILE "#undef DES_LONG"
-$   WRITE H_FILE "#define DES_LONG unsigned int"
-$   WRITE H_FILE "#undef DES_PTR"
-$   WRITE H_FILE "#define DES_PTR"
-$   WRITE H_FILE "#undef DES_RISC1"
-$   WRITE H_FILE "#undef DES_RISC2"
-$   WRITE H_FILE "#define DES_RISC1"
-$   WRITE H_FILE "#undef DES_UNROLL"
-$   WRITE H_FILE "#define DES_UNROLL"
-$   WRITE H_FILE "#endif"
-$!
-$   WRITE H_FILE "#if defined(HEADER_BN_H)"
-$   WRITE H_FILE "#undef BN_LLONG"      ! Never define with SIXTY_FOUR_BIT
-$   WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG"
-$   WRITE H_FILE "#undef SIXTY_FOUR_BIT"
-$   WRITE H_FILE "#define SIXTY_FOUR_BIT"
-$   WRITE H_FILE "#undef THIRTY_TWO_BIT"
-$   WRITE H_FILE "#undef SIXTEEN_BIT"
-$   WRITE H_FILE "#undef EIGHT_BIT"
-$   WRITE H_FILE "#endif"
-$
-$   WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
-$!
-$!  Else...
-$!
-$ ELSE
-$!
-$!  Write the VAX specific data
-$!
-$   WRITE H_FILE "#if defined(HEADER_RC4_H)"
-$   WRITE H_FILE "#undef RC4_INT"
-$   WRITE H_FILE "#define RC4_INT unsigned char"
-$   WRITE H_FILE "#undef RC4_CHUNK"
-$   WRITE H_FILE "#define RC4_CHUNK unsigned long"
-$   WRITE H_FILE "#endif"
-$!
-$   WRITE H_FILE "#if defined(HEADER_DES_LOCL_H)"
-$   WRITE H_FILE "#undef DES_LONG"
-$   WRITE H_FILE "#define DES_LONG unsigned long"
-$   WRITE H_FILE "#undef DES_PTR"
-$   WRITE H_FILE "#define DES_PTR"
-$   WRITE H_FILE "#undef DES_RISC1"
-$   WRITE H_FILE "#undef DES_RISC2"
-$   WRITE H_FILE "#undef DES_UNROLL"
-$   WRITE H_FILE "#endif"
-$!
-$   WRITE H_FILE "#if defined(HEADER_BN_H)"
-$   WRITE H_FILE "#undef BN_LLONG"      ! VAX C/DEC C doesn't have long long
-$   WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG"
-$   WRITE H_FILE "#undef SIXTY_FOUR_BIT"
-$   WRITE H_FILE "#undef THIRTY_TWO_BIT"
-$   WRITE H_FILE "#define THIRTY_TWO_BIT"
-$   WRITE H_FILE "#undef SIXTEEN_BIT"
-$   WRITE H_FILE "#undef EIGHT_BIT"
-$   WRITE H_FILE "#endif"
-$!
-$! Oddly enough, the following symbol is tested in crypto/sha/sha512.c
-$! before sha.h gets included (and HEADER_SHA_H defined), so we will not
-$! protect this one...
-$   WRITE H_FILE "#undef OPENSSL_NO_SHA512"
-$   WRITE H_FILE "#define OPENSSL_NO_SHA512"
-$!
-$   WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
-$   WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION"
-$!
-$!  End
-$!
-$ ENDIF
-$!
-$! Close the [.CRYPTO._xxx]OPENSSLCONF.H file
-$!
-$ CLOSE H_FILE
-$!
-$! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file
-$!
-$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']OPENSSLCONF.H
-$!
-$! That's All, Time To RETURN.
-$!
-$ RETURN
-$!
-$! Rebuild The "[.CRYPTO._xxx]BUILDINF.H" file.
-$!
-$ BUILDINF:
-$!
-$! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File.
-$!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']BUILDINF.H Include File."
-$!
-$! Create The [.CRYPTO._xxx]BUILDINF.H File.
-$!
-$ BIH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']BUILDINF.H"
-$ CREATE /FDL=SYS$INPUT: 'BIH_NAME'
-RECORD
-        FORMAT stream_lf
-$!
-$ OPEN /APPEND H_FILE 'bih_name'
-$!
-$! Get The Current Date & Time.
-$!
-$ TIME = F$TIME()
-$!
-$! Write The [.CRYPTO._xxx]BUILDINF.H File.
-$!
-$ CFLAGS = ""
-$ if (POINTER_SIZE .nes. "")
-$ then
-$   CFLAGS = CFLAGS+ "/POINTER_SIZE=''POINTER_SIZE'"
-$ endif
-$ if (ZLIB .nes. "")
-$ then
-$   if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " "
-$   CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
-$ endif
-$! 
-$ WRITE H_FILE "#define CFLAGS ""''CFLAGS'"""
-$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCHD' ''VMS_VERSION'"""
-$ WRITE H_FILE "#define DATE ""''TIME'"" "
-$!
-$! Close The [.CRYPTO._xxx]BUILDINF.H File.
-$!
-$ CLOSE H_FILE
-$!
-$! Purge The [.CRYPTO._xxx]BUILDINF.H File.
-$!
-$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']BUILDINF.H
-$!
-$! Delete [.CRYPTO]BUILDINF.H File, as there might be some residue from Unix.
-$!
-$ IF F$SEARCH("[.CRYPTO]BUILDINF.H") .NES. "" THEN -
-     DELETE SYS$DISK:[.CRYPTO]BUILDINF.H;*
-$!
-$! That's All, Time To RETURN.
-$!
-$ RETURN
-$!
-$! Copy a lot of files around.
-$!
-$ SOFTLINKS: 
-$!
-$!!!! Tell The User We Are Partly Rebuilding The [.APPS] Directory.
-$!!!!
-$!!! WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."
-$!!!!
-$!!! DELETE SYS$DISK:[.APPS]MD4.C;*
-$!!!!
-$!!!! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
-$!!!!
-$!!! COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
-$!
-$! Ensure that the [.include.openssl] directory contains a full set of
-$! real header files.  The distribution kit may have left real or fake
-$! symlinks there.  Rather than think about what's there, simply delete
-$! the destination files (fake or real symlinks) before copying the real
-$! header files in.  (Copying a real header file onto a real symlink
-$! merely duplicates the real header file at its source.)
-$!
-$! Tell The User We Are Rebuilding The [.include.openssl] Directory.
-$!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.include.openssl]' Directory."
-$!
-$! First, make sure the directory exists.  If it did exist, delete all
-$! the existing header files (or fake or real symlinks).
-$!
-$ if f$parse( "sys$disk:[.include.openssl]") .eqs. ""
-$ then
-$   create /directory sys$disk:[.include.openssl]
-$ else
-$   delete sys$disk:[.include.openssl]*.h;*
-$ endif
-$!
-$! Copy All The ".H" Files From The Main Directory.
-$!
-$ EXHEADER := e_os2.h
-$ copy 'exheader' sys$disk:[.include.openssl]
-$!
-$! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
-$!
-$ SDIRS := , -
-   'ARCHD', -
-   OBJECTS, -
-   MD2, MD4, MD5, SHA, MDC2, HMAC, RIPEMD, WHRLPOOL, -
-   DES, AES, RC2, RC4, RC5, IDEA, BF, CAST, CAMELLIA, SEED, MODES, -
-   BN, EC, RSA, DSA, ECDSA, DH, ECDH, DSO, ENGINE, -
-   BUFFER, BIO, STACK, LHASH, RAND, ERR, -
-   EVP, ASN1, PEM, X509, X509V3, CONF, TXT_DB, PKCS7, PKCS12, -
-   COMP, OCSP, UI, KRB5, -
-   CMS, PQUEUE, TS, JPAKE, SRP, STORE, CMAC
-$!
-$ EXHEADER_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
-$ EXHEADER_'ARCHD' := opensslconf.h
-$ EXHEADER_OBJECTS := objects.h, obj_mac.h
-$ EXHEADER_MD2 := md2.h
-$ EXHEADER_MD4 := md4.h
-$ EXHEADER_MD5 := md5.h
-$ EXHEADER_SHA := sha.h
-$ EXHEADER_MDC2 := mdc2.h
-$ EXHEADER_HMAC := hmac.h
-$ EXHEADER_RIPEMD := ripemd.h
-$ EXHEADER_WHRLPOOL := whrlpool.h
-$ EXHEADER_DES := des.h, des_old.h
-$ EXHEADER_AES := aes.h
-$ EXHEADER_RC2 := rc2.h
-$ EXHEADER_RC4 := rc4.h
-$ EXHEADER_RC5 := rc5.h
-$ EXHEADER_IDEA := idea.h
-$ EXHEADER_BF := blowfish.h
-$ EXHEADER_CAST := cast.h
-$ EXHEADER_CAMELLIA := camellia.h
-$ EXHEADER_SEED := seed.h
-$ EXHEADER_MODES := modes.h
-$ EXHEADER_BN := bn.h
-$ EXHEADER_EC := ec.h
-$ EXHEADER_RSA := rsa.h
-$ EXHEADER_DSA := dsa.h
-$ EXHEADER_ECDSA := ecdsa.h
-$ EXHEADER_DH := dh.h
-$ EXHEADER_ECDH := ecdh.h
-$ EXHEADER_DSO := dso.h
-$ EXHEADER_ENGINE := engine.h
-$ EXHEADER_BUFFER := buffer.h
-$ EXHEADER_BIO := bio.h
-$ EXHEADER_STACK := stack.h, safestack.h
-$ EXHEADER_LHASH := lhash.h
-$ EXHEADER_RAND := rand.h
-$ EXHEADER_ERR := err.h
-$ EXHEADER_EVP := evp.h
-$ EXHEADER_ASN1 := asn1.h, asn1_mac.h, asn1t.h
-$ EXHEADER_PEM := pem.h, pem2.h
-$ EXHEADER_X509 := x509.h, x509_vfy.h
-$ EXHEADER_X509V3 := x509v3.h
-$ EXHEADER_CONF := conf.h, conf_api.h
-$ EXHEADER_TXT_DB := txt_db.h
-$ EXHEADER_PKCS7 := pkcs7.h
-$ EXHEADER_PKCS12 := pkcs12.h
-$ EXHEADER_COMP := comp.h
-$ EXHEADER_OCSP := ocsp.h
-$ EXHEADER_UI := ui.h, ui_compat.h
-$ EXHEADER_KRB5 := krb5_asn.h
-$ EXHEADER_CMS := cms.h
-$ EXHEADER_PQUEUE := pqueue.h
-$ EXHEADER_TS := ts.h
-$ EXHEADER_JPAKE := jpake.h
-$ EXHEADER_SRP := srp.h
-$!!! EXHEADER_STORE := store.h, str_compat.h
-$ EXHEADER_STORE := store.h
-$ EXHEADER_CMAC := cmac.h
-$!
-$ i = 0
-$ loop_sdirs:
-$   sdir = f$edit( f$element( i, ",", sdirs), "trim")
-$   i = i + 1
-$   if (sdir .eqs. ",") then goto loop_sdirs_end
-$   hdr_list = exheader_'sdir'
-$   if (sdir .nes. "") then sdir = "."+ sdir
-$   copy [.crypto'sdir']'hdr_list' sys$disk:[.include.openssl]
-$ goto loop_sdirs
-$ loop_sdirs_end:
-$!
-$! Copy All The ".H" Files From The [.SSL] Directory.
-$!
-$! (keep these in the same order as ssl/Makefile)
-$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
-$ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl]
-$!
-$! Purge the [.include.openssl] header files.
-$!
-$ purge sys$disk:[.include.openssl]*.h
-$!
-$! That's All, Time To RETURN.
-$!
-$ RETURN
-$!
-$! Build The "[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB" Library.
-$!
-$ CRYPTO:
-$!
-$! Tell The User What We Are Doing.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT -
-   "Building The [.",ARCHD,".EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB Library."
-$!
-$! Go To The [.CRYPTO] Directory.
-$!
-$ SET DEFAULT SYS$DISK:[.CRYPTO]
-$!
-$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
-$!  
-$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
-   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
-$!
-$! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
-$!  
-$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
-   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
-$!
-$! Go Back To The Main Directory.
-$!
-$ SET DEFAULT [-]
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Build The "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library.
-$!
-$ SSL:
-$!
-$! Tell The User What We Are Doing.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT -
-   "Building The [.",ARCHD,".EXE.SSL]SSL_LIBSSL''LIB32'.OLB Library."
-$!
-$! Go To The [.SSL] Directory.
-$!
-$ SET DEFAULT SYS$DISK:[.SSL]
-$!
-$! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
-$!
-$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
-   "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'"
-$!
-$! Go Back To The Main Directory.
-$!
-$ SET DEFAULT [-]
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Build The "[.xxx.EXE.SSL]SSL_TASK.EXE" Program.
-$!
-$ SSL_TASK:
-$!
-$! Tell The User What We Are Doing.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT -
-   "Building DECNet Based SSL Engine, [.",ARCHD,".EXE.SSL]SSL_TASK.EXE"
-$!
-$! Go To The [.SSL] Directory.
-$!
-$ SET DEFAULT SYS$DISK:[.SSL]
-$!
-$! Build The [.xxx.EXE.SSL]SSL_TASK.EXE
-$!
-$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
-   "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'"
-$!
-$! Go Back To The Main Directory.
-$!
-$ SET DEFAULT [-]
-$!
-$! That's All, Time To RETURN.
-$!
-$ RETURN
-$!
-$! Build The OpenSSL Test Programs.
-$!
-$ TEST:
-$!
-$! Tell The User What We Are Doing.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCHD,".EXE.TEST] Test Utilities."
-$!
-$! Go To The [.TEST] Directory.
-$!
-$ SET DEFAULT SYS$DISK:[.TEST]
-$!
-$! Build The Test Programs.
-$!
-$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" -
-   "''POINTER_SIZE'" "''ZLIB'"
-$!
-$! Go Back To The Main Directory.
-$!
-$ SET DEFAULT [-]
-$!
-$! That's All, Time To RETURN.
-$!
-$ RETURN
-$!
-$! Build The OpenSSL Application Programs.
-$!
-$ APPS:
-$!
-$! Tell The User What We Are Doing.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.APPS] Applications."
-$!
-$! Go To The [.APPS] Directory.
-$!
-$ SET DEFAULT SYS$DISK:[.APPS]
-$!
-$! Build The Application Programs.
-$!
-$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" -
-   "" "''POINTER_SIZE'" "''ZLIB'"
-$!
-$! Go Back To The Main Directory.
-$!
-$ SET DEFAULT [-]
-$!
-$! That's All, Time To RETURN.
-$!
-$ RETURN
-$!
-$! Build The OpenSSL Application Programs.
-$!
-$ ENGINES:
-$!
-$! Tell The User What We Are Doing.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.ENGINES] Engines."
-$!
-$! Go To The [.ENGINES] Directory.
-$!
-$ SET DEFAULT SYS$DISK:[.ENGINES]
-$!
-$! Build The Application Programs.
-$!
-$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
-   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
-$!
-$! Go Back To The Main Directory.
-$!
-$ SET DEFAULT [-]
-$!
-$! That's All, Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check if there's a "part", and separate it out
-$!
-$ BUILDPART = F$ELEMENT(1,"/",P1)
-$ IF BUILDPART .EQS. "/"
-$ THEN
-$   BUILDPART = ""
-$ ELSE
-$   P1 = F$EXTRACT(0,F$LENGTH(P1) - F$LENGTH(BUILDPART) - 1, P1)
-$ ENDIF
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is ALL, So Build Everything.
-$!
-$    BUILDCOMMAND = "ALL"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -
-       .OR.(P1.EQS."BUILDALL") -
-       .OR.(P1.EQS."CRYPTO").OR.(P1.EQS."SSL") -
-       .OR.(P1.EQS."SSL_TASK").OR.(P1.EQS."TEST").OR.(P1.EQS."APPS") -
-       .OR.(P1.EQS."ENGINES")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDCOMMAND = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "USAGE:   @MAKEVMS.COM [Target] [Pointer size] [Debug option] <Compiler>"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "Example: @MAKEVMS.COM ALL """" NODEBUG "
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Target ",P1," Is Invalid.  The Valid Target Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    CONFIG   :  Just build the [.CRYPTO._xxx]OPENSSLCONF.H file."
-$     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.CRYPTO._xxx]BUILDINF.H file."
-$     WRITE SYS$OUTPUT "    SOFTLINKS:  Just Fix The Unix soft links."
-$     WRITE SYS$OUTPUT "    BUILDALL :  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done."
-$     WRITE SYS$OUTPUT "    CRYPTO   :  To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$     WRITE SYS$OUTPUT "    CRYPTO/x :  To Build Just The x Part Of The"
-$     WRITE SYS$OUTPUT "                [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
-$     WRITE SYS$OUTPUT "    SSL      :  To Build Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
-$     WRITE SYS$OUTPUT "    SSL_TASK :  To Build Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
-$     WRITE SYS$OUTPUT "    TEST     :  To Build Just The OpenSSL Test Programs."
-$     WRITE SYS$OUTPUT "    APPS     :  To Build Just The OpenSSL Application Programs."
-$     WRITE SYS$OUTPUT "    ENGINES  :  To Build Just The ENGINES"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     GOTO TIDY
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check P2 (POINTER_SIZE).
-$!
-$ IF (P2 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P2 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = "32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P2, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P2, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"       :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32       :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       GOTO TIDY
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P2 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."NODEBUG")
-$ THEN
-$!
-$!   P3 Is NODEBUG, So Compile Without Debugger Information.
-$!
-$    DEBUGGER = "NODEBUG"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P3.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER = "DEBUG"
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     GOTO TIDY
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P3 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P4 Is Blank.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!  End The GNU C Compiler Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Have VAXC Or DECC.
-$!
-$   IF (F$GETSYI("CPU").GE.128).OR.(F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC")
-$   THEN 
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK")
-$   THEN
-$!
-$!    Check To See If The User Wanted To Just LINK.
-$!
-$     IF (P4.EQS."LINK")
-$     THEN
-$!
-$!      Looks Like LINK-only
-$!
-$       COMPILER = "LINK"
-$!
-$!      Tell The User We Are Only Linking.
-$!
-$       WRITE SYS$OUTPUT "LINK Only.  This actually NOT YET SUPPORTED!"
-$!
-$!    End LINK Check.
-$!
-$     ENDIF
-$!
-$!    Check To See If The User Wanted DECC.
-$!
-$     IF (P4.EQS."DECC")
-$     THEN
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       COMPILER = "DECC"
-$!
-$!      Tell The User We Are Using DECC.
-$!
-$       WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    End DECC Check.
-$!
-$     ENDIF
-$!
-$!    Check To See If We Are To Use VAXC.
-$!
-$     IF (P4.EQS."VAXC")
-$     THEN
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       COMPILER = "VAXC"
-$!
-$!      Tell The User We Are Using VAX C.
-$!
-$       WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    End VAXC Check
-$!
-$     ENDIF
-$!
-$!    Check To See If We Are To Use GNU C.
-$!
-$     IF (P4.EQS."GNUC")
-$     THEN
-$!
-$!      Looks Like GNUC, Set To Use GNUC.
-$!
-$       COMPILER = "GNUC"
-$!
-$!      Tell The User We Are Using GNUC.
-$!
-$       WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    End The GNU C Check.
-$!
-$     ENDIF
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$     WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$     WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     GOTO TIDY
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$! Time to check the contents of P5, and to make sure we get the correct
-$! library.
-$!
-$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" -
-     .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P5.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P5.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P5 = "UCX"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using MultiNet via UCX emulation for TCP/IP"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P5.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P5.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using TCPIP (post UCX) for TCP/IP"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P5.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "A specific TCPIP library will not be used."
-$!
-$!    Done with NONE.
-$!
-$   ENDIF
-$!
-$!  Set the TCPIP_TYPE symbol
-$!
-$   TCPIP_TYPE = P5
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$   IF P5 .NES. ""
-$   THEN
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P5," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$     WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$     WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP TCP/IP (post UCX) library."
-$     WRITE SYS$OUTPUT "    NONE       :  To not link with a specific TCP/IP library."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     GOTO TIDY
-$   ELSE
-$!
-$! If TCPIP is not defined, then hardcode it to make
-$! it clear that no TCPIP is desired.
-$!
-$     IF P5 .EQS. ""
-$     THEN
-$       TCPIP_LIB = ""
-$       TCPIP_TYPE = "NONE"
-$     ELSE
-$!
-$!    Set the TCPIP_TYPE symbol
-$!
-$       TCPIP_TYPE = P5
-$     ENDIF
-$   ENDIF
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P6.
-$!
-$ IF (P6.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,VMS_VERSION))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P6 Check.
-$!
-$ ENDIF
-$!
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P7
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     GOTO TIDY
-$   endif
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The ZLIB Check.
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ TIDY:
-$!
-$! Close any open files.
-$!
-$ if (f$trnlnm( "h_file", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
-   close h_file
-$!
-$! Restore the original default device:[directory].
-$!
-$ SET DEFAULT 'DEF_ORIG'
-$!
-$ EXIT
-$!
diff --git a/src/lib/libssl/src/ms/32all.bat b/src/lib/libssl/src/ms/32all.bat
deleted file mode 100644
index aaab9b0c9d..0000000000
--- a/src/lib/libssl/src/ms/32all.bat
+++ /dev/null
@@ -1,20 +0,0 @@
-set OPTS=no-asm
-
-perl Configure VC-WIN32
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl %OPTS% debug VC-WIN32 >d32.mak
-perl util\mk1mf.pl %OPTS% VC-WIN32 >32.mak
-perl util\mk1mf.pl %OPTS% debug dll VC-WIN32 >d32dll.mak
-perl util\mk1mf.pl %OPTS% dll VC-WIN32 >32dll.mak
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
-
-nmake -f d32.mak
-@if errorlevel 1 goto end
-nmake -f 32.mak
-@if errorlevel 1 goto end
-nmake -f d32dll.mak
-@if errorlevel 1 goto end
-nmake -f 32dll.mak
-
-:end
diff --git a/src/lib/libssl/src/ms/README b/src/lib/libssl/src/ms/README
deleted file mode 100644
index 07f1925d5f..0000000000
--- a/src/lib/libssl/src/ms/README
+++ /dev/null
@@ -1,13 +0,0 @@
-Run these makefiles from the top level as in
-nmake -f ms\makefilename
-to build with visual C++ 4.[01].
-
-The results will be in the out directory.
-
-These makefiles and def files were generated by typing
-
-perl util\mk1mf.pl VC-NT >ms/nt.mak
-perl util\mk1mf.pl VC-NT dll >ms/ntdll.mak
-
-perl util\mkdef.pl 32 crypto > ms/crypto32.def
-perl util\mkdef.pl 32 ssl > ms/ssl32.def
diff --git a/src/lib/libssl/src/ms/applink.c b/src/lib/libssl/src/ms/applink.c
deleted file mode 100644
index 54a0a64262..0000000000
--- a/src/lib/libssl/src/ms/applink.c
+++ /dev/null
@@ -1,94 +0,0 @@
-#define APPLINK_STDIN   1
-#define APPLINK_STDOUT  2
-#define APPLINK_STDERR  3
-#define APPLINK_FPRINTF 4
-#define APPLINK_FGETS   5
-#define APPLINK_FREAD   6
-#define APPLINK_FWRITE  7
-#define APPLINK_FSETMOD 8
-#define APPLINK_FEOF    9
-#define APPLINK_FCLOSE  10      /* should not be used */
-
-#define APPLINK_FOPEN   11      /* solely for completeness */
-#define APPLINK_FSEEK   12
-#define APPLINK_FTELL   13
-#define APPLINK_FFLUSH  14
-#define APPLINK_FERROR  15
-#define APPLINK_CLEARERR 16
-#define APPLINK_FILENO  17      /* to be used with below */
-
-#define APPLINK_OPEN    18      /* formally can't be used, as flags can vary */
-#define APPLINK_READ    19
-#define APPLINK_WRITE   20
-#define APPLINK_LSEEK   21
-#define APPLINK_CLOSE   22
-#define APPLINK_MAX     22      /* always same as last macro */
-
-#ifndef APPMACROS_ONLY
-#include <stdio.h>
-#include <io.h>
-#include <fcntl.h>
-
-static void *app_stdin(void)            { return stdin;  }
-static void *app_stdout(void)           { return stdout; }
-static void *app_stderr(void)           { return stderr; }
-static int   app_feof(FILE *fp)         { return feof(fp); }
-static int   app_ferror(FILE *fp)       { return ferror(fp); }
-static void  app_clearerr(FILE *fp)     { clearerr(fp); }
-static int   app_fileno(FILE *fp)       { return _fileno(fp); }
-static int   app_fsetmod(FILE *fp,char mod)
-{ return _setmode (_fileno(fp),mod=='b'?_O_BINARY:_O_TEXT); }
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-__declspec(dllexport)
-void **
-#if defined(__BORLANDC__)
-__stdcall       /* __stdcall appears to be the only way to get the name
-                 * decoration right with Borland C. Otherwise it works
-                 * purely incidentally, as we pass no parameters. */
-#else
-__cdecl
-#endif
-OPENSSL_Applink(void)
-{ static int once=1;
-  static void *OPENSSL_ApplinkTable[APPLINK_MAX+1]={(void *)APPLINK_MAX};
-
-    if (once)
-    {   OPENSSL_ApplinkTable[APPLINK_STDIN]     = app_stdin;
-        OPENSSL_ApplinkTable[APPLINK_STDOUT]    = app_stdout;
-        OPENSSL_ApplinkTable[APPLINK_STDERR]    = app_stderr;
-        OPENSSL_ApplinkTable[APPLINK_FPRINTF]   = fprintf;
-        OPENSSL_ApplinkTable[APPLINK_FGETS]     = fgets;
-        OPENSSL_ApplinkTable[APPLINK_FREAD]     = fread;
-        OPENSSL_ApplinkTable[APPLINK_FWRITE]    = fwrite;
-        OPENSSL_ApplinkTable[APPLINK_FSETMOD]   = app_fsetmod;
-        OPENSSL_ApplinkTable[APPLINK_FEOF]      = app_feof;
-        OPENSSL_ApplinkTable[APPLINK_FCLOSE]    = fclose;
-
-        OPENSSL_ApplinkTable[APPLINK_FOPEN]     = fopen;
-        OPENSSL_ApplinkTable[APPLINK_FSEEK]     = fseek;
-        OPENSSL_ApplinkTable[APPLINK_FTELL]     = ftell;
-        OPENSSL_ApplinkTable[APPLINK_FFLUSH]    = fflush;
-        OPENSSL_ApplinkTable[APPLINK_FERROR]    = app_ferror;
-        OPENSSL_ApplinkTable[APPLINK_CLEARERR]  = app_clearerr;
-        OPENSSL_ApplinkTable[APPLINK_FILENO]    = app_fileno;
-
-        OPENSSL_ApplinkTable[APPLINK_OPEN]      = _open;
-        OPENSSL_ApplinkTable[APPLINK_READ]      = _read;
-        OPENSSL_ApplinkTable[APPLINK_WRITE]     = _write;
-        OPENSSL_ApplinkTable[APPLINK_LSEEK]     = _lseek;
-        OPENSSL_ApplinkTable[APPLINK_CLOSE]     = _close;
-
-        once = 0;
-    }
-
-  return OPENSSL_ApplinkTable;
-}
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/src/ms/bcb4.bat b/src/lib/libssl/src/ms/bcb4.bat
deleted file mode 100644
index 00fb9e8459..0000000000
--- a/src/lib/libssl/src/ms/bcb4.bat
+++ /dev/null
@@ -1,6 +0,0 @@
-perl Configure BC-32
-perl util\mkfiles.pl > MINFO
-
-@rem create make file
-perl util\mk1mf.pl no-asm BC-NT > bcb.mak
-
diff --git a/src/lib/libssl/src/ms/certCA.srl b/src/lib/libssl/src/ms/certCA.srl
deleted file mode 100644
index 2cfaa3ba20..0000000000
--- a/src/lib/libssl/src/ms/certCA.srl
+++ /dev/null
@@ -1 +0,0 @@
-1D
diff --git a/src/lib/libssl/src/ms/certCA.ss b/src/lib/libssl/src/ms/certCA.ss
deleted file mode 100644
index b48c657ae0..0000000000
--- a/src/lib/libssl/src/ms/certCA.ss
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBXDCCAQYCAQAwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
-BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05ODA3MjEw
-NjUwMTZaFw05ODA4MjAwNjUwMTZaMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
-b2RneSBCcm90aGVyczERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEA0DQLenM/ncK6CwSEJhOO1WfZUPUEi4pvos9fHW459jh3rRDADgi3
-fiCYxoRVSQhvB47kDZ3ViNg5yrDhy7F9ywIDAQABMA0GCSqGSIb3DQEBBAUAA0EA
-S564l3SBxJ+QcIXthGGDyP5zkxTf/1fHfelW9LNgu6lZTdy9Dlp/NecPekzRmZEM
-WiGXGkKNeuo8PsnGJHP9Qg==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/src/ms/certU.ss b/src/lib/libssl/src/ms/certU.ss
deleted file mode 100644
index 095ea14330..0000000000
--- a/src/lib/libssl/src/ms/certU.ss
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBcTCCARsCARwwDQYJKoZIhvcNAQEEBQAwOTELMAkGA1UEBhMCQVUxFzAVBgNV
-BAoTDkRvZGd5IEJyb3RoZXJzMREwDwYDVQQDEwhEb2RneSBDQTAeFw05ODA3MjEw
-NjUwMjdaFw05ODA4MjAwNjUwMjdaME4xCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5E
-b2RneSBCcm90aGVyczESMBAGA1UEAxMJQnJvdGhlciAxMRIwEAYDVQQDEwlCcm90
-aGVyIDIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0e4qorOr/zuLB9NvRaXhJVaI
-HaGGasa7eMAjVPitWAXkN+DxXiGH1CnMgQraKiYzsEVP15xtxkevEvK5jJpOwwID
-AQABMA0GCSqGSIb3DQEBBAUAA0EAZhcPV+SWwaszFuDTYc6fUurcV9OeXUqoxSQy
-MnLZPTyWubHbbkUr9fUfdf7Cc7dFqGzag05VHkNQUS9VjMzjIQ==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/src/ms/cmp.pl b/src/lib/libssl/src/ms/cmp.pl
deleted file mode 100644
index 95b257fe4c..0000000000
--- a/src/lib/libssl/src/ms/cmp.pl
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/local/bin/perl
-
-($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
-
-open(IN0,"<$ARGV[0]") || die "unable to open $ARGV[0]\n";
-open(IN1,"<$ARGV[1]") || die "unable to open $ARGV[1]\n";
-binmode IN0;
-binmode IN1;
-
-$tot=0;
-$ret=1;
-for (;;)
-        {
-        $n1=sysread(IN0,$b1,4096);
-        $n2=sysread(IN1,$b2,4096);
-
-        last if ($n1 != $n2);
-        last if ($b1 ne $b2);
-        last if ($n1 < 0);
-        if ($n1 == 0)
-                {
-                $ret=0;
-                last;
-                }
-        $tot+=$n1;
-        }
-
-close(IN0);
-close(IN1);
-if ($ret)
-        {
-        printf STDERR "$ARGV[0] and $ARGV[1] are different\n";
-        @a1=unpack("C*",$b1);
-        @a2=unpack("C*",$b2);
-        for ($i=0; $i<=$#a1; $i++)
-                {
-                if ($a1[$i] ne $a2[$i])
-                        {
-                        printf "%02X %02X <<\n",$a1[$i],$a2[$i];
-                        last;
-                        }
-                }
-        $nm=$tot+$n1;
-        $tot+=$i+1;
-        printf STDERR "diff at char $tot of $nm\n";
-        }
-exit($ret);
diff --git a/src/lib/libssl/src/ms/do_ms.bat b/src/lib/libssl/src/ms/do_ms.bat
deleted file mode 100644
index 55014d3fc3..0000000000
--- a/src/lib/libssl/src/ms/do_ms.bat
+++ /dev/null
@@ -1,11 +0,0 @@
-
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl no-asm VC-WIN32 >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN32 >ms\ntdll.mak
-if x%OSVERSION% == x goto skipce
-perl util\mk1mf.pl no-asm VC-CE >ms\ce.mak
-perl util\mk1mf.pl dll no-asm VC-CE >ms\cedll.mak
-:skipce
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/do_nasm.bat b/src/lib/libssl/src/ms/do_nasm.bat
deleted file mode 100644
index 7b3f3edbf0..0000000000
--- a/src/lib/libssl/src/ms/do_nasm.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak
-perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak
-perl util\mk1mf.pl nasm BC-NT >ms\bcb.mak
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/do_nt.bat b/src/lib/libssl/src/ms/do_nt.bat
deleted file mode 100644
index e2d525e05d..0000000000
--- a/src/lib/libssl/src/ms/do_nt.bat
+++ /dev/null
@@ -1,7 +0,0 @@
-
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak
-
-perl util\mkdef.pl libeay NT > ms\libeay32.def
-perl util\mkdef.pl ssleay NT > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/do_win64a.bat b/src/lib/libssl/src/ms/do_win64a.bat
deleted file mode 100755
index ff8b19ccfd..0000000000
--- a/src/lib/libssl/src/ms/do_win64a.bat
+++ /dev/null
@@ -1,19 +0,0 @@
-perl util\mkfiles.pl >MINFO
-
-cmd /c "nasm -f win64 -v" >NUL: 2>&1
-if %errorlevel% neq 0 goto ml64
-
-perl ms\uplink-x86_64.pl nasm > ms\uptable.asm
-nasm -f win64 -o ms\uptable.obj ms\uptable.asm
-goto proceed
-
-:ml64
-perl ms\uplink-x86_64.pl masm > ms\uptable.asm
-ml64 -c -Foms\uptable.obj ms\uptable.asm
-
-:proceed
-perl util\mk1mf.pl VC-WIN64A >ms\nt.mak
-perl util\mk1mf.pl dll VC-WIN64A >ms\ntdll.mak
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/do_win64i.bat b/src/lib/libssl/src/ms/do_win64i.bat
deleted file mode 100755
index 088f5e1d0a..0000000000
--- a/src/lib/libssl/src/ms/do_win64i.bat
+++ /dev/null
@@ -1,9 +0,0 @@
-
-perl util\mkfiles.pl >MINFO
-perl ms\uplink-ia64.pl > ms\uptable.asm
-ias -o ms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl VC-WIN64I >ms\nt.mak
-perl util\mk1mf.pl dll VC-WIN64I >ms\ntdll.mak
-
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
diff --git a/src/lib/libssl/src/ms/keyCA.ss b/src/lib/libssl/src/ms/keyCA.ss
deleted file mode 100644
index 933c2cd6ed..0000000000
--- a/src/lib/libssl/src/ms/keyCA.ss
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBANA0C3pzP53CugsEhCYTjtVn2VD1BIuKb6LPXx1uOfY4d60QwA4I
-t34gmMaEVUkIbweO5A2d1YjYOcqw4cuxfcsCAwEAAQJAOT9WOKEfyN0WEpl3TJDs
-ITmgw2XbjhLOh1HFsW3xegWlaOuhL/wGamz7n7zzL/RQF3JP/VvpGk2F8VD9JhwT
-wQIhAPmqM3fLttBoCQuwQRdIPfB7Ps3THqx6N8AJ04z3I1ejAiEA1XyDd7bLpWrw
-/oA8CmR4b/KCGfvRwAL/Qej/rQliw7kCIQCYRzSvO8ScpuflhjKdZcXJuRJcbgnG
-f6Ejc5rh3xdiawIhALMmLdzEFNjXiSzIx5mg/kBTLUJIw5dx7GqO8B9xBORhAiA5
-oTN/hgvvrkkmRsHQpNBmzAEGBzhMEEq9lD6ZWrTSRg==
------END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/ms/keyU.ss b/src/lib/libssl/src/ms/keyU.ss
deleted file mode 100644
index 05d356e7a5..0000000000
--- a/src/lib/libssl/src/ms/keyU.ss
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBANHuKqKzq/87iwfTb0Wl4SVWiB2hhmrGu3jAI1T4rVgF5Dfg8V4h
-h9QpzIEK2iomM7BFT9ecbcZHrxLyuYyaTsMCAwEAAQJBAIxtM6n4ZCJscxj+D13Y
-k13Fn3Gqvd6pJ3ijlj7dxh6tRBBQ3W9qmQflyvEc81giI2XtbVYBOEJKtJ1cWWZm
-gAkCIQDpEoOuc4KCI5ti6aMJvtxlXWNHbkXCxtbeIjH4+FnH9QIhAOaU3XVeWWOK
-PnnO87KniDjHQqWLnooivDGRK+FUKeDXAiEA2MjEvFVqFVvDIsxHPkBNROcI+Z6i
-ulkx76kErBtrfqUCIHN5uBLQZmngUPuFtiwRlLoCqJDphENfs+oK7vPQx4xPAiEA
-hnY2Ulrpld83IG6bUs95Loc8Fk81hez5YwmhsFEXVtk=
------END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/src/ms/mingw32.bat b/src/lib/libssl/src/ms/mingw32.bat
deleted file mode 100644
index 06b5733878..0000000000
--- a/src/lib/libssl/src/ms/mingw32.bat
+++ /dev/null
@@ -1,90 +0,0 @@
-@rem OpenSSL with Mingw32+GNU as
-@rem ---------------------------
-
-perl Configure mingw %1 %2 %3 %4 %5 %6 %7 %8
-
-@echo off
-
-perl -e "exit 1 if '%1' eq 'no-asm'"
-if errorlevel 1 goto noasm
-
-echo Generating x86 for GNU assember
-
-echo Bignum
-cd crypto\bn\asm
-perl bn-586.pl gaswin > bn-win32.s
-perl co-586.pl gaswin > co-win32.s
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl gaswin > d-win32.s
-cd ..\..\..
-
-echo crypt
-cd crypto\des\asm
-perl crypt586.pl gaswin > y-win32.s
-cd ..\..\..
-
-echo Blowfish
-cd crypto\bf\asm
-perl bf-586.pl gaswin > b-win32.s
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl gaswin > c-win32.s
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl gaswin > r4-win32.s
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl gaswin > m5-win32.s
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl gaswin > s1-win32.s
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl gaswin > rm-win32.s
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl gaswin > r5-win32.s
-cd ..\..\..
-
-:noasm
-
-echo Generating makefile
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak
-echo Generating DLL definition files
-perl util\mkdef.pl 32 libeay >ms\libeay32.def
-if errorlevel 1 goto end
-perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
-if errorlevel 1 goto end
-
-rem copy ms\tlhelp32.h outinc
-
-echo Building the libraries
-mingw32-make -f ms/mingw32a.mak
-if errorlevel 1 goto end
-
-echo Generating the DLLs and input libraries
-dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
-if errorlevel 1 goto end
-dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
-if errorlevel 1 goto end
-
-echo Done compiling OpenSSL
-
-:end
-
diff --git a/src/lib/libssl/src/ms/mw.bat b/src/lib/libssl/src/ms/mw.bat
deleted file mode 100644
index 35e00a4508..0000000000
--- a/src/lib/libssl/src/ms/mw.bat
+++ /dev/null
@@ -1,26 +0,0 @@
-@rem OpenSSL with Mingw32
-@rem --------------------
-
-@rem Makefile
-perl util\mkfiles.pl >MINFO
-perl util\mk1mf.pl Mingw32 >ms\mingw32.mak
-@rem DLL definition files
-perl util\mkdef.pl 32 libeay >ms\libeay32.def
-if errorlevel 1 goto end
-perl util\mkdef.pl 32 ssleay >ms\ssleay32.def
-if errorlevel 1 goto end
-
-@rem Build the libraries
-make -f ms/mingw32.mak
-if errorlevel 1 goto end
-
-@rem Generate the DLLs and input libraries
-dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lws2_32 -lgdi32
-if errorlevel 1 goto end
-dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a
-if errorlevel 1 goto end
-
-echo Done compiling OpenSSL
-
-:end
-
diff --git a/src/lib/libssl/src/ms/req2CA.ss b/src/lib/libssl/src/ms/req2CA.ss
deleted file mode 100644
index d061fb2a07..0000000000
--- a/src/lib/libssl/src/ms/req2CA.ss
+++ /dev/null
@@ -1,29 +0,0 @@
-Certificate Request:
-    Data:
-        Version: 0 (0x0)
-        Subject: C=AU, O=Dodgy Brothers, CN=Dodgy CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (512 bit)
-                Modulus (512 bit):
-                    00:d0:34:0b:7a:73:3f:9d:c2:ba:0b:04:84:26:13:
-                    8e:d5:67:d9:50:f5:04:8b:8a:6f:a2:cf:5f:1d:6e:
-                    39:f6:38:77:ad:10:c0:0e:08:b7:7e:20:98:c6:84:
-                    55:49:08:6f:07:8e:e4:0d:9d:d5:88:d8:39:ca:b0:
-                    e1:cb:b1:7d:cb
-                Exponent: 65537 (0x10001)
-        Attributes:
-            a0:00
-    Signature Algorithm: md5WithRSAEncryption
-        8d:15:e6:8e:49:0f:07:fb:e0:72:ad:f0:04:9a:c8:5d:e7:1b:
-        ed:99:c9:c3:3c:f5:8e:4d:a1:5e:e1:40:75:2c:24:f0:c6:dd:
-        10:87:35:26:1d:cc:79:3f:a2:c6:a0:04:c8:52:78:ed:26:32:
-        d3:1b:a7:cd:5e:8c:55:92:dd:88
------BEGIN CERTIFICATE REQUEST-----
-MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
-czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0DQL
-enM/ncK6CwSEJhOO1WfZUPUEi4pvos9fHW459jh3rRDADgi3fiCYxoRVSQhvB47k
-DZ3ViNg5yrDhy7F9ywIDAQABoAAwDQYJKoZIhvcNAQEEBQADQQCNFeaOSQ8H++By
-rfAEmshd5xvtmcnDPPWOTaFe4UB1LCTwxt0QhzUmHcx5P6LGoATIUnjtJjLTG6fN
-XoxVkt2I
------END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/ms/reqCA.ss b/src/lib/libssl/src/ms/reqCA.ss
deleted file mode 100644
index 1f7138cadc..0000000000
--- a/src/lib/libssl/src/ms/reqCA.ss
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHzMIGeAgEAMDkxCzAJBgNVBAYTAkFVMRcwFQYDVQQKEw5Eb2RneSBCcm90aGVy
-czERMA8GA1UEAxMIRG9kZ3kgQ0EwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA0DQL
-enM/ncK6CwSEJhOO1WfZUPUEi4pvos9fHW459jh3rRDADgi3fiCYxoRVSQhvB47k
-DZ3ViNg5yrDhy7F9ywIDAQABoAAwDQYJKoZIhvcNAQEFBQADQQA5DZSZgDXs8flG
-GZf4SGr8QpqkxSu9bZOYp/ySuz1khj7aupBrvZBmqZcZx4ZjAUN7UQpMWu2gyfKa
-mAiiLPFN
------END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/ms/reqU.ss b/src/lib/libssl/src/ms/reqU.ss
deleted file mode 100644
index 91cce5966d..0000000000
--- a/src/lib/libssl/src/ms/reqU.ss
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBCDCBswIBADBOMQswCQYDVQQGEwJBVTEXMBUGA1UEChMORG9kZ3kgQnJvdGhl
-cnMxEjAQBgNVBAMTCUJyb3RoZXIgMTESMBAGA1UEAxMJQnJvdGhlciAyMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBANHuKqKzq/87iwfTb0Wl4SVWiB2hhmrGu3jAI1T4
-rVgF5Dfg8V4hh9QpzIEK2iomM7BFT9ecbcZHrxLyuYyaTsMCAwEAAaAAMA0GCSqG
-SIb3DQEBAgUAA0EAhB0p6LbiVq+XshLo5sBQN0rsROC1OgWrdS6ZUmMaigOKK069
-r1o+dGwbM5VCYGTZf0PW9OtGuArGct0laL5h4w==
------END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/src/ms/speed32.bat b/src/lib/libssl/src/ms/speed32.bat
deleted file mode 100644
index 95f7ce9505..0000000000
--- a/src/lib/libssl/src/ms/speed32.bat
+++ /dev/null
@@ -1,37 +0,0 @@
-set makefile=ms\nt.mak
-
-perl Configure b
-del tmp\*.obj
-nmake -f %makefile%
-nmake -f %makefile%
-nmake -f %makefile%
-out\ssleay version -v -b -f >speed.1
-out\ssleay speed >speed.1l
-
-perl Configure bl-4c-2c
-del tmp\rc4*.obj tmp\bn*.obj tmp\md2_dgst.obj
-nmake -f %makefile%
-nmake -f %makefile%
-nmake -f %makefile%
-out\ssleay speed rc4 rsa md2 >speed.2l
-
-perl Configure bl-4c-ri
-del tmp\rc4*.obj
-nmake -f %makefile%
-nmake -f %makefile%
-nmake -f %makefile%
-out\ssleay speed rc4 >speed.3l
-
-perl Configure b2-is-ri-dp
-del tmp\i_*.obj tmp\rc4*.obj tmp\ecb_enc.obj tmp\bn*.obj
-nmake -f %makefile%
-nmake -f %makefile%
-nmake -f %makefile%
-out\ssleay speed rsa rc4 idea des >speed.4l
-
-type speed.1 >speed.log
-type speed.1l >>speed.log
-perl util\sp-diff.pl speed.1l speed.2l >>speed.log
-perl util\sp-diff.pl speed.1l speed.3l >>speed.log
-perl util\sp-diff.pl speed.1l speed.4l >>speed.log
-
diff --git a/src/lib/libssl/src/ms/tenc.bat b/src/lib/libssl/src/ms/tenc.bat
deleted file mode 100644
index a4fa7f3652..0000000000
--- a/src/lib/libssl/src/ms/tenc.bat
+++ /dev/null
@@ -1,14 +0,0 @@
-rem called by testenc
-
-echo test %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-if errorlevel 1 goto err
-
-echo test base64 %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-
-:err
diff --git a/src/lib/libssl/src/ms/tencce.bat b/src/lib/libssl/src/ms/tencce.bat
deleted file mode 100644
index c8b1acd4b4..0000000000
--- a/src/lib/libssl/src/ms/tencce.bat
+++ /dev/null
@@ -1,19 +0,0 @@
-rem called by testencce
-
-echo test %1 %2 %3 %4 %5 %6 
-cecopy %input% CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
-if errorlevel 1 goto err
-
-echo test base64 %1 %2 %3 %4 %5 %6 
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%
-cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%
-del %out1% >nul 2>&1
-cecopy CE:\OpenSSL\%out1% .
-%cmp% %input% %out1%
-
-:err
diff --git a/src/lib/libssl/src/ms/test.bat b/src/lib/libssl/src/ms/test.bat
deleted file mode 100644
index f490546ebb..0000000000
--- a/src/lib/libssl/src/ms/test.bat
+++ /dev/null
@@ -1,185 +0,0 @@
-@echo off
-
-set test=..\ms
-set opath=%PATH%
-PATH=..\ms;%PATH%
-set OPENSSL_CONF=..\apps\openssl.cnf
-
-rem run this from inside the bin directory
-
-echo rsa_test
-rsa_test
-if errorlevel 1 goto done
-
-echo destest
-destest
-if errorlevel 1 goto done
-
-echo ideatest
-ideatest
-if errorlevel 1 goto done
-
-echo bftest
-bftest
-if errorlevel 1 goto done
-
-echo shatest
-shatest
-if errorlevel 1 goto done
-
-echo sha1test
-sha1test
-if errorlevel 1 goto done
-
-echo md5test
-md5test
-if errorlevel 1 goto done
-
-echo rc2test
-rc2test
-if errorlevel 1 goto done
-
-echo rc4test
-rc4test
-if errorlevel 1 goto done
-
-echo randtest
-randtest
-if errorlevel 1 goto done
-
-echo dhtest
-dhtest
-if errorlevel 1 goto done
-
-echo exptest
-exptest
-if errorlevel 1 goto done
-
-echo dsatest
-dsatest
-if errorlevel 1 goto done
-
-echo ectest
-ectest
-if errorlevel 1 goto done
-
-echo testenc
-call %test%\testenc openssl
-if errorlevel 1 goto done
-
-echo testpem
-call %test%\testpem openssl
-if errorlevel 1 goto done
-
-echo testss
-call %test%\testss openssl
-if errorlevel 1 goto done
-
-set SSL_TEST=ssltest -key keyU.ss -cert certU.ss -c_key keyU.ss -c_cert certU.ss -CAfile certCA.ss
-
-echo test sslv2
-ssltest -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication
-%SSL_TEST% -ssl2 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication
-%SSL_TEST% -ssl2 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication
-%SSL_TEST% -ssl2 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3
-ssltest -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication
-%SSL_TEST% -ssl3 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication
-%SSL_TEST% -ssl3 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication
-%SSL_TEST% -ssl3 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3
-ssltest
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-%SSL_TEST% -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication
-%SSL_TEST% -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication
-%SSL_TEST% -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2 via BIO pair
-ssltest -bio_pair -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with 1024 bit DHE via BIO pair
-ssltest -bio_pair -dhe1024dsa -v
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl2 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl2 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl2 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3 via BIO pair
-ssltest -bio_pair -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl3 -server_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication  via BIO pair
-%SSL_TEST% -bio_pair -ssl3 -client_auth
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication via BIO pair
-%SSL_TEST% -bio_pair -ssl3 -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 via BIO pair
-ssltest -bio_pair
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-%SSL_TEST% -bio_pair -server_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-%SSL_TEST% -bio_pair -client_auth
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-%SSL_TEST% -bio_pair -server_auth -client_auth
-if errorlevel 1 goto done
-
-echo passed all tests
-goto end
-:done
-echo problems.....
-:end
-PATH=%opath%
diff --git a/src/lib/libssl/src/ms/testce.bat b/src/lib/libssl/src/ms/testce.bat
deleted file mode 100644
index 2ab010be6a..0000000000
--- a/src/lib/libssl/src/ms/testce.bat
+++ /dev/null
@@ -1,234 +0,0 @@
-@echo off
-
-cemkdir CE:\OpenSSL
-
-set test=..\ms
-set opath=%PATH%
-PATH=..\ms;%PATH%
-cecopy ..\apps\openssl.cnf CE:\OpenSSL
-set OPENSSL_CONF=\OpenSSL\openssl.cnf
-set HOME=\OpenSSL
-set CERUN_PASS_ENV=OPENSSL_CONF HOME
-
-rem run this from inside the bin directory
-
-rem Copy the DLL's (though they'll only exist if we're in out32dll)
-if exist libeay32.dll cecopy libeay32.dll CE:\OpenSSL
-if exist ssleay32.dll cecopy ssleay32.dll CE:\OpenSSL
-
-echo rsa_test
-call %test%\testce2 rsa_test
-if errorlevel 1 goto done
-
-echo destest
-call %test%\testce2 destest
-if errorlevel 1 goto done
-
-echo ideatest
-call %test%\testce2 ideatest
-if errorlevel 1 goto done
-
-echo bftest
-call %test%\testce2 bftest
-if errorlevel 1 goto done
-
-echo shatest
-call %test%\testce2 shatest
-if errorlevel 1 goto done
-
-echo sha1test
-call %test%\testce2 sha1test
-if errorlevel 1 goto done
-
-echo md5test
-call %test%\testce2 md5test
-if errorlevel 1 goto done
-
-echo md2test
-call %test%\testce2 md2test
-if errorlevel 1 goto done
-
-echo mdc2test
-call %test%\testce2 mdc2test
-if errorlevel 1 goto done
-
-echo rc2test
-call %test%\testce2 rc2test
-if errorlevel 1 goto done
-
-echo rc4test
-call %test%\testce2 rc4test
-if errorlevel 1 goto done
-
-echo randtest
-call %test%\testce2 randtest
-if errorlevel 1 goto done
-
-echo dhtest
-call %test%\testce2 dhtest
-if errorlevel 1 goto done
-
-echo exptest
-call %test%\testce2 exptest
-if errorlevel 1 goto done
-
-echo dsatest
-call %test%\testce2 dsatest
-if errorlevel 1 goto done
-
-echo testenc
-call %test%\testencce openssl.exe
-if errorlevel 1 goto done
-
-echo testpem
-call %test%\testpemce openssl.exe
-if errorlevel 1 goto done
-
-cecopy openssl.exe CE:\OpenSSL
-
-echo verify
-copy ..\certs\*.pem cert.tmp >nul
-cecopy cert.tmp CE:\OpenSSL
-cemkdir CE:\OpenSSL\certs
-rem cecopy ..\certs\*.pem CE:\OpenSSL\certs
-cecopy ..\certs\ca-cert.pem CE:\OpenSSL\certs
-cecopy ..\certs\dsa-ca.pem CE:\OpenSSL\certs
-cecopy ..\certs\dsa-pca.pem CE:\OpenSSL\certs
-cecopy ..\certs\factory.pem CE:\OpenSSL\certs
-cecopy ..\certs\ICE-CA.pem CE:\OpenSSL\certs
-cecopy ..\certs\ICE-root.pem CE:\OpenSSL\certs
-cecopy ..\certs\ICE-user.pem CE:\OpenSSL\certs
-cecopy ..\certs\nortelCA.pem CE:\OpenSSL\certs
-cecopy ..\certs\pca-cert.pem CE:\OpenSSL\certs
-cecopy ..\certs\RegTP-4R.pem CE:\OpenSSL\certs
-cecopy ..\certs\RegTP-5R.pem CE:\OpenSSL\certs
-cecopy ..\certs\RegTP-6R.pem CE:\OpenSSL\certs
-cecopy ..\certs\rsa-cca.pem CE:\OpenSSL\certs
-cecopy ..\certs\thawteCb.pem CE:\OpenSSL\certs
-cecopy ..\certs\thawteCp.pem CE:\OpenSSL\certs
-cecopy ..\certs\timCA.pem CE:\OpenSSL\certs
-cecopy ..\certs\tjhCA.pem CE:\OpenSSL\certs
-cecopy ..\certs\vsign1.pem CE:\OpenSSL\certs
-cecopy ..\certs\vsign2.pem CE:\OpenSSL\certs
-cecopy ..\certs\vsign3.pem CE:\OpenSSL\certs
-cecopy ..\certs\vsignss.pem CE:\OpenSSL\certs
-cecopy ..\certs\vsigntca.pem CE:\OpenSSL\certs
-cerun CE:\OpenSSL\openssl verify -CAfile \OpenSSL\cert.tmp \OpenSSL\certs\*.pem
-
-echo testss
-call %test%\testssce openssl.exe
-if errorlevel 1 goto done
-
-cecopy ssltest.exe CE:\OpenSSL
-cecopy ..\apps\server.pem CE:\OpenSSL
-cecopy ..\apps\client.pem CE:\OpenSSL
-
-echo test sslv2
-cerun CE:\OpenSSL\ssltest -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication
-cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication
-cerun CE:\OpenSSL\ssltest -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication
-cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3
-cerun CE:\OpenSSL\ssltest -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication
-cerun CE:\OpenSSL\ssltest -ssl3 -server_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication
-cerun CE:\OpenSSL\ssltest -ssl3 -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication
-cerun CE:\OpenSSL\ssltest -ssl3 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3
-cerun CE:\OpenSSL\ssltest
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-cerun CE:\OpenSSL\ssltest -server_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication
-cerun CE:\OpenSSL\ssltest -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication
-cerun CE:\OpenSSL\ssltest -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with 1024 bit DHE via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -dhe1024dsa -v
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -server_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication  via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 via BIO pair
-cerun CE:\OpenSSL\ssltest
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-cerun CE:\OpenSSL\ssltest -bio_pair -server_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-cerun CE:\OpenSSL\ssltest -bio_pair -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
-if errorlevel 1 goto done
-
-del cert.tmp
-
-echo passed all tests
-goto end
-:done
-echo problems.....
-:end
-PATH=%opath%
-
diff --git a/src/lib/libssl/src/ms/testce2.bat b/src/lib/libssl/src/ms/testce2.bat
deleted file mode 100644
index 24265b948f..0000000000
--- a/src/lib/libssl/src/ms/testce2.bat
+++ /dev/null
@@ -1,2 +0,0 @@
-cecopy %1.exe CE:\OpenSSL
-cerun CE:\OpenSSL\%1 %2 %3 %4 %5 %6 %7 %8 %9
diff --git a/src/lib/libssl/src/ms/testenc.bat b/src/lib/libssl/src/ms/testenc.bat
deleted file mode 100644
index f8e90939ed..0000000000
--- a/src/lib/libssl/src/ms/testenc.bat
+++ /dev/null
@@ -1,94 +0,0 @@
-@echo off
-echo start testenc
-
-path=..\ms;%path%
-set ssleay=%1%
-set input=..\ms\testenc.bat
-set tmp1=..\ms\cipher.out
-set out1=..\ms\clear.out
-set cmp=perl ..\ms\cmp.pl
-
-cd
-call tenc.bat enc
-if errorlevel 1 goto err
-
-call tenc.bat rc4
-if errorlevel 1 goto err
-
-call tenc.bat des-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ecb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3
-if errorlevel 1 goto err
-
-call tenc.bat des-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tenc.bat idea-ecb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cfb
-if errorlevel 1 goto err
-
-call tenc.bat idea-ofb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cbc
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tenc.bat bf-ecb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cfb
-if errorlevel 1 goto err
-
-call tenc.bat bf-ofb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1%
-del %tmp1%
-:err
-
diff --git a/src/lib/libssl/src/ms/testencce.bat b/src/lib/libssl/src/ms/testencce.bat
deleted file mode 100644
index 1da3e0861f..0000000000
--- a/src/lib/libssl/src/ms/testencce.bat
+++ /dev/null
@@ -1,97 +0,0 @@
-@echo off
-echo start testenc
-
-path=..\ms;%path%
-set ssleay=%1%
-copy ..\ms\testenc.bat >nul
-set input=testenc.bat
-set tmp1=cipher.out
-set out1=clear.out
-set cmp=perl ..\ms\cmp.pl
-
-cecopy %ssleay% CE:\OpenSSL
-
-cd
-call tencce.bat enc
-if errorlevel 1 goto err
-
-call tencce.bat rc4
-if errorlevel 1 goto err
-
-call tencce.bat des-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tencce.bat des-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tencce.bat des-ecb
-if errorlevel 1 goto err
-
-call tencce.bat des-ede
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3
-if errorlevel 1 goto err
-
-call tencce.bat des-cbc
-if errorlevel 1 goto err
-
-call tencce.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tencce.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tencce.bat idea-ecb
-if errorlevel 1 goto err
-
-call tencce.bat idea-cfb
-if errorlevel 1 goto err
-
-call tencce.bat idea-ofb
-if errorlevel 1 goto err
-
-call tencce.bat idea-cbc
-if errorlevel 1 goto err
-
-call tencce.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tencce.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tencce.bat bf-ecb
-if errorlevel 1 goto err
-
-call tencce.bat bf-cfb
-if errorlevel 1 goto err
-
-call tencce.bat bf-ofb
-if errorlevel 1 goto err
-
-call tencce.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1% >nul 2>&1
-del %tmp1% >nul 2>&1
-:err
-
diff --git a/src/lib/libssl/src/ms/testpem.bat b/src/lib/libssl/src/ms/testpem.bat
deleted file mode 100644
index 8b2e844d36..0000000000
--- a/src/lib/libssl/src/ms/testpem.bat
+++ /dev/null
@@ -1,32 +0,0 @@
-@echo off
-set ssleay=%1%
-set tmp1=pem.out
-set cmp=fc.exe
-
-call tpem.bat crl ..\test\testcrl.pem
-if errorlevel 1 goto err
-
-call tpem.bat pkcs7 ..\test\testp7.pem
-if errorlevel 1 goto err
-
-call tpem.bat req ..\test\testreq2.pem
-if errorlevel 1 goto err
-
-call tpem.bat rsa ..\test\testrsa.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\testx509.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat sess_id ..\test\testsid.pem
-if errorlevel 1 goto err
-
-echo OK
-del %tmp1%
-:err
diff --git a/src/lib/libssl/src/ms/testpemce.bat b/src/lib/libssl/src/ms/testpemce.bat
deleted file mode 100644
index ac64a7912c..0000000000
--- a/src/lib/libssl/src/ms/testpemce.bat
+++ /dev/null
@@ -1,42 +0,0 @@
-@echo off
-set ssleay=%1%
-set tmp1=pem.out
-set cmp=fc.exe
-
-cecopy %ssleay% CE:\OpenSSL
-
-copy ..\test\testcrl.pem >nul
-call tpemce.bat crl testcrl.pem
-if errorlevel 1 goto err
-
-copy ..\test\testp7.pem >nul
-call tpemce.bat pkcs7 testp7.pem
-if errorlevel 1 goto err
-
-copy ..\test\testreq2.pem >nul
-call tpemce.bat req testreq2.pem
-if errorlevel 1 goto err
-
-copy ..\test\testrsa.pem >nul
-call tpemce.bat rsa testrsa.pem
-if errorlevel 1 goto err
-
-copy ..\test\testx509.pem >nul
-call tpemce.bat x509 testx509.pem
-if errorlevel 1 goto err
-
-copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
-
-copy ..\test\v3-cert1.pem >nul
-call tpemce.bat x509 v3-cert1.pem
-if errorlevel 1 goto err
-
-copy ..\test\testsid.pem >nul
-call tpemce.bat sess_id testsid.pem
-if errorlevel 1 goto err
-
-echo OK
-del %tmp1% >nul 2>&1
-:err
diff --git a/src/lib/libssl/src/ms/testss.bat b/src/lib/libssl/src/ms/testss.bat
deleted file mode 100644
index 5afa131dba..0000000000
--- a/src/lib/libssl/src/ms/testss.bat
+++ /dev/null
@@ -1,98 +0,0 @@
-@echo off
-
-rem set ssleay=..\out\ssleay
-set ssleay=%1
-
-set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509 -sha1
-set verifycmd=%ssleay% verify
-
-set CAkey=keyCA.ss
-set CAcert=certCA.ss
-set CAserial=certCA.srl
-set CAreq=reqCA.ss
-set CAconf=..\test\CAss.cnf
-set CAreq2=req2CA.ss    
-
-set Uconf=..\test\Uss.cnf
-set Ukey=keyU.ss
-set Ureq=reqU.ss
-set Ucert=certU.ss
-
-echo make a certificate request using 'req'
-%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto e_req
-
-echo convert the certificate request into a self signed certificate using 'x509'
-%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
-if errorlevel 1 goto e_x509
-
-echo --
-echo convert a certificate into a certificate request using 'x509'
-%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
-if errorlevel 1 goto e_x509_2
-
-%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto e_vrfy_1
-
-%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto e_vrfy_2
-
-%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto e_vrfy_3
-
-echo --
-echo make another certificate request using 'req'
-%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
-if errorlevel 1 goto e_req_gen
-
-echo --
-echo sign certificate request with the just created CA via 'x509'
-%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto e_x_sign
-
-%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
-echo Certificate details
-%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-
-echo Everything appeared to work
-echo --
-echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
-
-echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
-echo --
-
-del err.ss
-
-goto end
-
-:e_req
-echo error using 'req' to generate a certificate request
-goto end
-:e_x509
-echo error using 'x509' to self sign a certificate request
-goto end
-:e_x509_2
-echo error using 'x509' convert a certificate to a certificate request
-goto end
-:e_vrfy_1
-echo first generated request is invalid
-goto end
-:e_vrfy_2
-echo second generated request is invalid
-goto end
-:e_vrfy_3
-echo first generated cert is invalid
-goto end
-:e_req_gen
-echo error using 'req' to generate a certificate request
-goto end
-:e_x_sign
-echo error using 'x509' to sign a certificate request
-goto end
-
-:end
diff --git a/src/lib/libssl/src/ms/testssce.bat b/src/lib/libssl/src/ms/testssce.bat
deleted file mode 100644
index 18381ed2fa..0000000000
--- a/src/lib/libssl/src/ms/testssce.bat
+++ /dev/null
@@ -1,104 +0,0 @@
-rem set ssleay=..\out\ssleay
-set ssleay=%1
-
-set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509
-set verifycmd=%ssleay% verify
-
-set CAkey=\OpenSSL\keyCA.ss
-set CAcert=\OpenSSL\certCA.ss
-set CAserial=\OpenSSL\certCA.srl
-set CAreq=\OpenSSL\reqCA.ss
-cecopy ..\test\CAss.cnf CE:\OpenSSL
-set CAconf=\OpenSSL\CAss.cnf
-set CAreq2=\OpenSSL\req2CA.ss   
-
-cecopy ..\test\Uss.cnf CE:\OpenSSL
-set Uconf=\OpenSSL\Uss.cnf
-set Ukey=\OpenSSL\keyU.ss
-set Ureq=\OpenSSL\reqU.ss
-set Ucert=\OpenSSL\certU.ss
-
-echo make a certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto e_req
-
-echo convert the certificate request into a self signed certificate using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509
-
-echo --
-echo convert a certificate into a certificate request using 'x509'
-cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_x509_2
-
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto e_vrfy_1
-
-cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto e_vrfy_2
-
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto e_vrfy_3
-
-echo --
-echo make another certificate request using 'req'
-cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"
-if errorlevel 1 goto e_req_gen
-
-echo --
-echo sign certificate request with the just created CA via 'x509'
-cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto e_x_sign
-
-cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
-echo Certificate details
-cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-
-cecopy CE:%CAcert% .
-cecopy CE:%CAkey% .
-cecopy CE:%CAserial% .
-cecopy CE:%Ucert% .
-cecopy CE:%Ukey% .
-
-echo Everything appeared to work
-echo --
-echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
-
-echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
-echo --
-
-cedel CE:\OpenSSL\err.ss
-
-goto end
-
-:e_req
-echo error using 'req' to generate a certificate request
-goto end
-:e_x509
-echo error using 'x509' to self sign a certificate request
-goto end
-:e_x509_2
-echo error using 'x509' convert a certificate to a certificate request
-goto end
-:e_vrfy_1
-echo first generated request is invalid
-goto end
-:e_vrfy_2
-echo second generated request is invalid
-goto end
-:e_vrfy_3
-echo first generated cert is invalid
-goto end
-:e_req_gen
-echo error using 'req' to generate a certificate request
-goto end
-:e_x_sign
-echo error using 'x509' to sign a certificate request
-goto end
-
-:end
diff --git a/src/lib/libssl/src/ms/tlhelp32.h b/src/lib/libssl/src/ms/tlhelp32.h
deleted file mode 100644
index 8f4222e34f..0000000000
--- a/src/lib/libssl/src/ms/tlhelp32.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
-        tlhelp32.h - Include file for Tool help functions.
-
-        Written by Mumit Khan <khan@nanotech.wisc.edu>
-
-        This file is part of a free library for the Win32 API. 
-
-        This library is distributed in the hope that it will be useful,
-        but WITHOUT ANY WARRANTY; without even the implied warranty of
-        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-*/
-#ifndef _TLHELP32_H
-#define _TLHELP32_H
-#ifdef __cplusplus
-extern "C" {
-#endif
-#define HF32_DEFAULT    1
-#define HF32_SHARED     2
-#define LF32_FIXED      0x1
-#define LF32_FREE       0x2
-#define LF32_MOVEABLE   0x4
-#define MAX_MODULE_NAME32       255
-#define TH32CS_SNAPHEAPLIST     0x1
-#define TH32CS_SNAPPROCESS      0x2
-#define TH32CS_SNAPTHREAD       0x4
-#define TH32CS_SNAPMODULE       0x8
-#define TH32CS_SNAPALL  (TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)
-#define TH32CS_INHERIT  0x80000000
-typedef struct tagHEAPLIST32 {
-        DWORD dwSize;
-        DWORD th32ProcessID;
-        DWORD th32HeapID;
-        DWORD dwFlags;
-} HEAPLIST32,*PHEAPLIST32,*LPHEAPLIST32;
-typedef struct tagHEAPENTRY32 {
-        DWORD dwSize;
-        HANDLE hHandle;
-        DWORD dwAddress;
-        DWORD dwBlockSize;
-        DWORD dwFlags;
-        DWORD dwLockCount;
-        DWORD dwResvd;
-        DWORD th32ProcessID;
-        DWORD th32HeapID;
-} HEAPENTRY32,*PHEAPENTRY32,*LPHEAPENTRY32;
-typedef struct tagPROCESSENTRY32W {
-        DWORD dwSize;
-        DWORD cntUsage;
-        DWORD th32ProcessID;
-        DWORD th32DefaultHeapID;
-        DWORD th32ModuleID;
-        DWORD cntThreads;
-        DWORD th32ParentProcessID;
-        LONG pcPriClassBase;
-        DWORD dwFlags;
-        WCHAR szExeFile[MAX_PATH];
-} PROCESSENTRY32W,*PPROCESSENTRY32W,*LPPROCESSENTRY32W;
-typedef struct tagPROCESSENTRY32 {
-        DWORD dwSize;
-        DWORD cntUsage;
-        DWORD th32ProcessID;
-        DWORD th32DefaultHeapID;
-        DWORD th32ModuleID;
-        DWORD cntThreads;
-        DWORD th32ParentProcessID;
-        LONG pcPriClassBase;
-        DWORD dwFlags;
-        CHAR  szExeFile[MAX_PATH];
-} PROCESSENTRY32,*PPROCESSENTRY32,*LPPROCESSENTRY32;
-typedef struct tagTHREADENTRY32 {
-        DWORD dwSize;
-        DWORD cntUsage;
-        DWORD th32ThreadID;
-        DWORD th32OwnerProcessID;
-        LONG tpBasePri;
-        LONG tpDeltaPri;
-        DWORD dwFlags;
-} THREADENTRY32,*PTHREADENTRY32,*LPTHREADENTRY32;
-typedef struct tagMODULEENTRY32W {
-        DWORD dwSize;
-        DWORD th32ModuleID;
-        DWORD th32ProcessID;
-        DWORD GlblcntUsage;
-        DWORD ProccntUsage;
-        BYTE *modBaseAddr;
-        DWORD modBaseSize;
-        HMODULE hModule; 
-        WCHAR szModule[MAX_MODULE_NAME32 + 1];
-        WCHAR szExePath[MAX_PATH];
-} MODULEENTRY32W,*PMODULEENTRY32W,*LPMODULEENTRY32W;
-typedef struct tagMODULEENTRY32 {
-        DWORD dwSize;
-        DWORD th32ModuleID;
-        DWORD th32ProcessID;
-        DWORD GlblcntUsage;
-        DWORD ProccntUsage;
-        BYTE *modBaseAddr;
-        DWORD modBaseSize;
-        HMODULE hModule;
-        char szModule[MAX_MODULE_NAME32 + 1];
-        char szExePath[MAX_PATH];
-} MODULEENTRY32,*PMODULEENTRY32,*LPMODULEENTRY32;
-BOOL WINAPI Heap32First(LPHEAPENTRY32,DWORD,DWORD);
-BOOL WINAPI Heap32ListFirst(HANDLE,LPHEAPLIST32);
-BOOL WINAPI Heap32ListNext(HANDLE,LPHEAPLIST32);
-BOOL WINAPI Heap32Next(LPHEAPENTRY32);
-BOOL WINAPI Module32First(HANDLE,LPMODULEENTRY32);
-BOOL WINAPI Module32FirstW(HANDLE,LPMODULEENTRY32W);
-BOOL WINAPI Module32Next(HANDLE,LPMODULEENTRY32);
-BOOL WINAPI Module32NextW(HANDLE,LPMODULEENTRY32W);
-BOOL WINAPI Process32First(HANDLE,LPPROCESSENTRY32);
-BOOL WINAPI Process32FirstW(HANDLE,LPPROCESSENTRY32W);
-BOOL WINAPI Process32Next(HANDLE,LPPROCESSENTRY32);
-BOOL WINAPI Process32NextW(HANDLE,LPPROCESSENTRY32W);
-BOOL WINAPI Thread32First(HANDLE,LPTHREADENTRY32);
-BOOL WINAPI Thread32Next(HANDLE,LPTHREADENTRY32);
-BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD,LPCVOID,LPVOID,DWORD,LPDWORD);
-HANDLE WINAPI CreateToolhelp32Snapshot(DWORD,DWORD);
-#ifdef UNICODE
-#define LPMODULEENTRY32 LPMODULEENTRY32W
-#define LPPROCESSENTRY32 LPPROCESSENTRY32W
-#define MODULEENTRY32 MODULEENTRY32W
-#define Module32First Module32FirstW
-#define Module32Next Module32NextW
-#define PMODULEENTRY32 PMODULEENTRY32W
-#define PPROCESSENTRY32 PPROCESSENTRY32W
-#define PROCESSENTRY32 PROCESSENTRY32W
-#define Process32First Process32FirstW
-#define Process32Next Process32NextW
-#endif /* UNICODE */
-#ifdef __cplusplus
-}
-#endif
-#endif /* _TLHELP32_H */
-
diff --git a/src/lib/libssl/src/ms/tpem.bat b/src/lib/libssl/src/ms/tpem.bat
deleted file mode 100644
index cd01792e9f..0000000000
--- a/src/lib/libssl/src/ms/tpem.bat
+++ /dev/null
@@ -1,6 +0,0 @@
-rem called by testpem
-
-echo test %1 %2
-%ssleay% %1 -in %2 -out %tmp1%
-%cmp% %2 %tmp1%
-
diff --git a/src/lib/libssl/src/ms/tpemce.bat b/src/lib/libssl/src/ms/tpemce.bat
deleted file mode 100644
index 483f559cfa..0000000000
--- a/src/lib/libssl/src/ms/tpemce.bat
+++ /dev/null
@@ -1,8 +0,0 @@
-rem called by testpemce
-
-echo test %1 %2
-cecopy %2 CE:\OpenSSL
-cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%
-del %tmp1% >nul 2>&1
-cecopy CE:\OpenSSL\%tmp1% .
-%cmp% %2 %tmp1%
diff --git a/src/lib/libssl/src/ms/uplink-common.pl b/src/lib/libssl/src/ms/uplink-common.pl
deleted file mode 100755
index 1d20e6e03e..0000000000
--- a/src/lib/libssl/src/ms/uplink-common.pl
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env perl
-#
-# pull APPLINK_MAX value from applink.c...
-$applink_c=$0;
-$applink_c=~s|[^/\\]+$||g;
-$applink_c.="applink.c";
-open(INPUT,$applink_c) || die "can't open $applink_c: $!";
-@max=grep {/APPLINK_MAX\s+(\d+)/} <INPUT>;
-close(INPUT);
-($#max==0) or die "can't find APPLINK_MAX in $applink_c";
-
-$max[0]=~/APPLINK_MAX\s+(\d+)/;
-$N=$1;  # number of entries in OPENSSL_UplinkTable not including
-        # OPENSSL_UplinkTable[0], which contains this value...
-
-1;
-
-# Idea is to fill the OPENSSL_UplinkTable with pointers to stubs
-# which invoke 'void OPENSSL_Uplink (ULONG_PTR *table,int index)';
-# and then dereference themselves. Latter shall result in endless
-# loop *unless* OPENSSL_Uplink does not replace 'table[index]' with
-# something else, e.g. as 'table[index]=unimplemented;'...
diff --git a/src/lib/libssl/src/ms/uplink-ia64.pl b/src/lib/libssl/src/ms/uplink-ia64.pl
deleted file mode 100755
index 4204c73d58..0000000000
--- a/src/lib/libssl/src/ms/uplink-ia64.pl
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env perl
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC,"${dir}.");
-
-require "uplink-common.pl";
-
-local $V=8;     # max number of args uplink functions may accept...
-my $loc0 = "r".(32+$V);
-print <<___;
-.text
-.global OPENSSL_Uplink#
-.type   OPENSSL_Uplink#,\@function
-
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-.proc   lazy$i#
-lazy$i:
-        .prologue
-{ .mii; .save   ar.pfs,$loc0
-        alloc   loc0=ar.pfs,$V,3,2,0
-        .save   b0,loc1
-        mov     loc1=b0
-        addl    loc2=\@ltoff(OPENSSL_UplinkTable#),gp   };;
-        .body
-{ .mmi; ld8     out0=[loc2]
-        mov     out1=$i                                 };;
-{ .mib; add     loc2=8*$i,out0
-        br.call.sptk.many       b0=OPENSSL_Uplink#      };;
-{ .mmi; ld8     r31=[loc2];;
-        ld8     r30=[r31],8                             };;
-{ .mii; ld8     gp=[r31]
-        mov     b6=r30
-        mov     b0=loc1                                 };;
-{ .mib; mov     ar.pfs=loc0
-        br.many b6                                      };;
-.endp   lazy$i#
-
-___
-}
-print <<___;
-.data
-.global OPENSSL_UplinkTable#
-OPENSSL_UplinkTable:    data8   $N      // amount of following entries
-___
-for ($i=1;$i<=$N;$i++) {   print "      data8   \@fptr(lazy$i#)\n";   }
-print <<___;
-.size   OPENSSL_UplinkTable,.-OPENSSL_UplinkTable#
-___
diff --git a/src/lib/libssl/src/ms/uplink-x86.pl b/src/lib/libssl/src/ms/uplink-x86.pl
deleted file mode 100755
index 0dffc14fcd..0000000000
--- a/src/lib/libssl/src/ms/uplink-x86.pl
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/bin/env perl
-
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-push(@INC, "${dir}.", "${dir}../crypto/perlasm");
-require "x86asm.pl";
-
-require "uplink-common.pl";
-
-&asm_init($ARGV[0],"uplink-x86");
-
-&external_label("OPENSSL_Uplink");
-&public_label("OPENSSL_UplinkTable");
-
-for ($i=1;$i<=$N;$i++) {
-&function_begin_B("_\$lazy${i}");
-        &lea    ("eax",&DWP(&label("OPENSSL_UplinkTable")));
-        &push   ("eax");
-        &push   ($i);
-        &call   (&label("OPENSSL_Uplink"));
-        &add    ("esp",8);
-        &pop    ("eax");
-        &jmp_ptr(&DWP(4*$i,"eax"));
-&function_end_B("_\$lazy${i}");
-}
-
-&dataseg();
-&align(4);
-&set_label("OPENSSL_UplinkTable");
-&data_word($N);
-for ($i=1;$i<=$N;$i++) {
-&data_word(&label("_\$lazy${i}"));
-}
-&asm_finish();
diff --git a/src/lib/libssl/src/ms/uplink-x86_64.pl b/src/lib/libssl/src/ms/uplink-x86_64.pl
deleted file mode 100755
index 9acbf6be6f..0000000000
--- a/src/lib/libssl/src/ms/uplink-x86_64.pl
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/env perl
-
-$output=shift;
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-open STDOUT,"| $^X ${dir}../crypto/perlasm/x86_64-xlate.pl $output";
-push(@INC,"${dir}.");
-
-require "uplink-common.pl";
-
-$prefix="_lazy";
-
-print <<___;
-.text
-.extern OPENSSL_Uplink
-.globl  OPENSSL_UplinkTable
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-.type   $prefix${i},\@abi-omnipotent
-.align  16
-$prefix${i}:
-        .byte   0x48,0x83,0xEC,0x28     # sub rsp,40
-        mov     %rcx,48(%rsp)
-        mov     %rdx,56(%rsp)
-        mov     %r8,64(%rsp)
-        mov     %r9,72(%rsp)
-        lea     OPENSSL_UplinkTable(%rip),%rcx
-        mov     \$$i,%rdx
-        call    OPENSSL_Uplink
-        mov     48(%rsp),%rcx
-        mov     56(%rsp),%rdx
-        mov     64(%rsp),%r8
-        mov     72(%rsp),%r9
-        lea     OPENSSL_UplinkTable(%rip),%rax
-        add     \$40,%rsp
-        jmp     *8*$i(%rax)
-$prefix${i}_end:
-.size   $prefix${i},.-$prefix${i}
-___
-}
-print <<___;
-.data
-OPENSSL_UplinkTable:
-        .quad   $N
-___
-for ($i=1;$i<=$N;$i++) {   print "      .quad   $prefix$i\n";   }
-print <<___;
-.section        .pdata,"r"
-.align          4
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-        .rva    $prefix${i},$prefix${i}_end,${prefix}_unwind_info
-___
-}
-print <<___;
-.section        .xdata,"r"
-.align          8
-${prefix}_unwind_info:
-        .byte   0x01,0x04,0x01,0x00
-        .byte   0x04,0x42,0x00,0x00
-___
-
-close STDOUT;
diff --git a/src/lib/libssl/src/ms/uplink.c b/src/lib/libssl/src/ms/uplink.c
deleted file mode 100644
index 6d59cb1f87..0000000000
--- a/src/lib/libssl/src/ms/uplink.c
+++ /dev/null
@@ -1,117 +0,0 @@
-#if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
-#define UNICODE
-#endif
-#if defined(UNICODE) && !defined(_UNICODE)
-#define _UNICODE
-#endif
-#if defined(_UNICODE) && !defined(UNICODE)
-#define UNICODE
-#endif
-
-#include <windows.h>
-#include <tchar.h>
-#include <stdio.h>
-#include "uplink.h"
-void OPENSSL_showfatal(const char *,...);
-
-static TCHAR msg[128];
-
-static void unimplemented (void)
-{   OPENSSL_showfatal (sizeof(TCHAR)==sizeof(char)?"%s\n":"%S\n",msg);
-    ExitProcess (1);
-}
-
-void OPENSSL_Uplink (volatile void **table, int index)
-{ static HMODULE volatile apphandle=NULL;
-  static void ** volatile applinktable=NULL;
-  int len;
-  void (*func)(void)=unimplemented;
-  HANDLE h;
-  void **p;
-
-    /* Note that the below code is not MT-safe in respect to msg
-     * buffer, but what's the worst thing that can happen? Error
-     * message might be misleading or corrupted. As error condition
-     * is fatal and should never be risen, I accept the risk... */
-    /* One can argue that I should have used InterlockedExchangePointer
-     * or something to update static variables and table[]. Well,
-     * store instructions are as atomic as they can get and assigned
-     * values are effectively constant... So that volatile qualifier
-     * should be sufficient [it prohibits compiler to reorder memory
-     * access instructions]. */
-    do {
-        len = _sntprintf (msg,sizeof(msg)/sizeof(TCHAR),
-                          _T("OPENSSL_Uplink(%p,%02X): "),table,index);
-        _tcscpy (msg+len,_T("unimplemented function"));
-
-        if ((h=apphandle)==NULL)
-        {   if  ((h=GetModuleHandle(NULL))==NULL)
-            {   apphandle=(HMODULE)-1;
-                _tcscpy (msg+len,_T("no host application"));
-                break;
-            }
-            apphandle = h;
-        }
-        if ((h=apphandle)==(HMODULE)-1) /* revalidate */
-            break;
-
-        if (applinktable==NULL)
-        { void**(*applink)();
-
-            applink=(void**(*)())GetProcAddress(h,"OPENSSL_Applink");
-            if (applink==NULL)
-            {   apphandle=(HMODULE)-1;
-                _tcscpy (msg+len,_T("no OPENSSL_Applink"));
-                break;
-            }
-            p = (*applink)();
-            if (p==NULL)
-            {   apphandle=(HMODULE)-1;
-                _tcscpy (msg+len,_T("no ApplinkTable"));
-                break;
-            }
-            applinktable = p;
-        }
-        else
-            p = applinktable;
-
-        if (index > (int)p[0])
-            break;
-
-        if (p[index]) func = p[index];
-    } while (0);
-
-    table[index] = func;
-}    
-
-#if defined(_MSC_VER) && defined(_M_IX86) && !defined(OPENSSL_NO_INLINE_ASM)
-#define LAZY(i)         \
-__declspec(naked) static void lazy##i (void) {  \
-        _asm    push i                          \
-        _asm    push OFFSET OPENSSL_UplinkTable \
-        _asm    call OPENSSL_Uplink             \
-        _asm    add  esp,8                      \
-        _asm    jmp  OPENSSL_UplinkTable+4*i    }
-
-#if APPLINK_MAX>25
-#error "Add more stubs..."
-#endif
-/* make some in advance... */
-LAZY(1)  LAZY(2)  LAZY(3)  LAZY(4)  LAZY(5)
-LAZY(6)  LAZY(7)  LAZY(8)  LAZY(9)  LAZY(10)
-LAZY(11) LAZY(12) LAZY(13) LAZY(14) LAZY(15)
-LAZY(16) LAZY(17) LAZY(18) LAZY(19) LAZY(20)
-LAZY(21) LAZY(22) LAZY(23) LAZY(24) LAZY(25)
-void *OPENSSL_UplinkTable[] = {
-        (void *)APPLINK_MAX,
-        lazy1, lazy2, lazy3, lazy4, lazy5,
-        lazy6, lazy7, lazy8, lazy9, lazy10,
-        lazy11,lazy12,lazy13,lazy14,lazy15,
-        lazy16,lazy17,lazy18,lazy19,lazy20,
-        lazy21,lazy22,lazy23,lazy24,lazy25,
-};
-#endif
-
-#ifdef SELFTEST
-main() {  UP_fprintf(UP_stdout,"hello, world!\n"); }
-#endif
diff --git a/src/lib/libssl/src/ms/uplink.h b/src/lib/libssl/src/ms/uplink.h
deleted file mode 100644
index 4881ba7d42..0000000000
--- a/src/lib/libssl/src/ms/uplink.h
+++ /dev/null
@@ -1,29 +0,0 @@
-#define APPMACROS_ONLY
-#include "applink.c"
-
-extern void *OPENSSL_UplinkTable[];
-
-#define UP_stdin  (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDIN])()
-#define UP_stdout (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDOUT])()
-#define UP_stderr (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDERR])()
-#define UP_fprintf (*(int (*)(void *,const char *,...))OPENSSL_UplinkTable[APPLINK_FPRINTF])
-#define UP_fgets  (*(char *(*)(char *,int,void *))OPENSSL_UplinkTable[APPLINK_FGETS])
-#define UP_fread  (*(size_t (*)(void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FREAD])
-#define UP_fwrite (*(size_t (*)(const void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FWRITE])
-#define UP_fsetmod (*(int (*)(void *,char))OPENSSL_UplinkTable[APPLINK_FSETMOD])
-#define UP_feof   (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FEOF])
-#define UP_fclose (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FCLOSE])
-
-#define UP_fopen  (*(void *(*)(const char *,const char *))OPENSSL_UplinkTable[APPLINK_FOPEN])
-#define UP_fseek  (*(int (*)(void *,long,int))OPENSSL_UplinkTable[APPLINK_FSEEK])
-#define UP_ftell  (*(long (*)(void *))OPENSSL_UplinkTable[APPLINK_FTELL])
-#define UP_fflush (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FFLUSH])
-#define UP_ferror (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FERROR])
-#define UP_clearerr (*(void (*)(void *))OPENSSL_UplinkTable[APPLINK_CLEARERR])
-#define UP_fileno (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FILENO])
-
-#define UP_open   (*(int (*)(const char *,int,...))OPENSSL_UplinkTable[APPLINK_OPEN])
-#define UP_read   (*(ossl_ssize_t (*)(int,void *,size_t))OPENSSL_UplinkTable[APPLINK_READ])
-#define UP_write  (*(ossl_ssize_t (*)(int,const void *,size_t))OPENSSL_UplinkTable[APPLINK_WRITE])
-#define UP_lseek  (*(long (*)(int,long,int))OPENSSL_UplinkTable[APPLINK_LSEEK])
-#define UP_close  (*(int (*)(int))OPENSSL_UplinkTable[APPLINK_CLOSE])
diff --git a/src/lib/libssl/src/ms/uplink.pl b/src/lib/libssl/src/ms/uplink.pl
deleted file mode 100755
index 102400e880..0000000000
--- a/src/lib/libssl/src/ms/uplink.pl
+++ /dev/null
@@ -1,204 +0,0 @@
-#!/usr/bin/env perl
-#
-# For Microsoft CL this is implemented as inline assembler. So that
-# even though this script can generate even Win32 code, we'll be
-# using it primarily to generate Win64 modules. Both IA-64 and AMD64
-# are supported...
-
-# pull APPLINK_MAX value from applink.c...
-$applink_c=$0;
-$applink_c=~s|[^/\\]+$||g;
-$applink_c.="applink.c";
-open(INPUT,$applink_c) || die "can't open $applink_c: $!";
-@max=grep {/APPLINK_MAX\s+(\d+)/} <INPUT>;
-close(INPUT);
-($#max==0) or die "can't find APPLINK_MAX in $applink_c";
-
-$max[0]=~/APPLINK_MAX\s+(\d+)/;
-$N=$1;  # number of entries in OPENSSL_UplinkTable not including
-        # OPENSSL_UplinkTable[0], which contains this value...
-
-# Idea is to fill the OPENSSL_UplinkTable with pointers to stubs
-# which invoke 'void OPENSSL_Uplink (ULONG_PTR *table,int index)';
-# and then dereference themselves. Latter shall result in endless
-# loop *unless* OPENSSL_Uplink does not replace 'table[index]' with
-# something else, e.g. as 'table[index]=unimplemented;'...
-
-$arg = shift;
-#( defined shift || open STDOUT,">$arg" ) || die "can't open $arg: $!";
-
-if ($arg =~ /win32n/)   { ia32nasm();  }
-elsif ($arg =~ /win32/) { ia32masm();  }
-elsif ($arg =~ /coff/)  { ia32gas();   }
-elsif ($arg =~ /win64i/ or $arg =~ /ia64/)      { ia64ias();   }
-elsif ($arg =~ /win64a/ or $arg =~ /amd64/)     { amd64masm(); }
-else    { die "nonsense $arg"; }
-
-sub ia32gas() {
-print <<___;
-.text
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-.def    .Lazy$i;        .scl    3;      .type   32;     .endef
-.align  4
-.Lazy$i:
-        pushl   \$$i
-        pushl   \$_OPENSSL_UplinkTable
-        call    _OPENSSL_Uplink
-        addl    \$8,%esp
-        jmp     *(_OPENSSL_UplinkTable+4*$i)
-___
-}
-print <<___;
-.data
-.align  4
-.globl  _OPENSSL_UplinkTable
-_OPENSSL_UplinkTable:
-        .long   $N
-___
-for ($i=1;$i<=$N;$i++) {   print "      .long   .Lazy$i\n";   }
-}
-
-sub ia32masm() {
-print <<___;
-.386P
-.model  FLAT
-
-_DATA   SEGMENT
-PUBLIC  _OPENSSL_UplinkTable
-_OPENSSL_UplinkTable    DD      $N      ; amount of following entries
-___
-for ($i=1;$i<=$N;$i++) {   print "      DD      FLAT:\$lazy$i\n";   }
-print <<___;
-_DATA   ENDS
-
-_TEXT   SEGMENT
-EXTRN   _OPENSSL_Uplink:NEAR
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-ALIGN   4
-\$lazy$i        PROC NEAR
-        push    $i
-        push    OFFSET FLAT:_OPENSSL_UplinkTable
-        call    _OPENSSL_Uplink
-        add     esp,8
-        jmp     DWORD PTR _OPENSSL_UplinkTable+4*$i
-\$lazy$i        ENDP
-___
-}
-print <<___;
-ALIGN   4
-_TEXT   ENDS
-END
-___
-}
-
-sub ia32nasm() {
-print <<___;
-SEGMENT .data
-GLOBAL  _OPENSSL_UplinkTable
-_OPENSSL_UplinkTable    DD      $N      ; amount of following entries
-___
-for ($i=1;$i<=$N;$i++) {   print "      DD      \$lazy$i\n";   }
-print <<___;
-
-SEGMENT .text
-EXTERN  _OPENSSL_Uplink
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-ALIGN   4
-\$lazy$i:
-        push    $i
-        push    _OPENSSL_UplinkTable
-        call    _OPENSSL_Uplink
-        add     esp,8
-        jmp     [_OPENSSL_UplinkTable+4*$i]
-___
-}
-print <<___;
-ALIGN   4
-END
-___
-}
-
-sub ia64ias () {
-local $V=8;     # max number of args uplink functions may accept...
-print <<___;
-.data
-.global OPENSSL_UplinkTable#
-OPENSSL_UplinkTable:    data8   $N      // amount of following entries
-___
-for ($i=1;$i<=$N;$i++) {   print "      data8   \@fptr(lazy$i#)\n";   }
-print <<___;
-.size   OPENSSL_UplinkTable,.-OPENSSL_UplinkTable#
-
-.text
-.global OPENSSL_Uplink#
-.type   OPENSSL_Uplink#,\@function
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-.proc   lazy$i
-lazy$i:
-{ .mii; alloc   loc0=ar.pfs,$V,3,2,0
-        mov     loc1=b0
-        addl    loc2=\@ltoff(OPENSSL_UplinkTable#),gp   };;
-{ .mmi; ld8     out0=[loc2]
-        mov     out1=$i                                 };;
-{ .mib; adds    loc2=8*$i,out0
-        br.call.sptk.many       b0=OPENSSL_Uplink#      };;
-{ .mmi; ld8     r31=[loc2];;
-        ld8     r30=[r31],8                             };;
-{ .mii; ld8     gp=[r31]
-        mov     b6=r30
-        mov     b0=loc1                                 };;
-{ .mib; mov     ar.pfs=loc0
-        br.many b6                                      };;
-.endp   lazy$i#
-___
-}
-}
-
-sub amd64masm() {
-print <<___;
-_DATA   SEGMENT
-PUBLIC  OPENSSL_UplinkTable
-OPENSSL_UplinkTable     DQ      $N
-___
-for ($i=1;$i<=$N;$i++) {   print "      DQ      \$lazy$i\n";   }
-print <<___;
-_DATA   ENDS
-
-_TEXT   SEGMENT
-EXTERN  OPENSSL_Uplink:PROC
-___
-for ($i=1;$i<=$N;$i++) {
-print <<___;
-ALIGN   4
-\$lazy$i        PROC
-        push    r9
-        push    r8
-        push    rdx
-        push    rcx
-        sub     rsp,40
-        lea     rcx,OFFSET OPENSSL_UplinkTable
-        mov     rdx,$i
-        call    OPENSSL_Uplink
-        add     rsp,40
-        pop     rcx
-        pop     rdx
-        pop     r8
-        pop     r9
-        jmp     QWORD PTR OPENSSL_UplinkTable+8*$i
-\$lazy$i        ENDP
-___
-}
-print <<___;
-_TEXT   ENDS
-END
-___
-}
-
diff --git a/src/lib/libssl/src/ms/x86asm.bat b/src/lib/libssl/src/ms/x86asm.bat
deleted file mode 100644
index 03563c6b04..0000000000
--- a/src/lib/libssl/src/ms/x86asm.bat
+++ /dev/null
@@ -1,57 +0,0 @@
-
-@echo off
-echo Generating x86 assember
-
-echo Bignum
-cd crypto\bn\asm
-perl x86.pl win32n > bn-win32.asm
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl win32n > d-win32.asm
-cd ..\..\..
-
-echo "crypt(3)"
-
-cd crypto\des\asm
-perl crypt586.pl win32n > y-win32.asm
-cd ..\..\..
-
-echo Blowfish
-
-cd crypto\bf\asm
-perl bf-586.pl win32n > b-win32.asm
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl win32n > c-win32.asm
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl win32n > r4-win32.asm
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl win32n > m5-win32.asm
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl win32n > s1-win32.asm
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl win32n > rm-win32.asm
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl win32n > r5-win32.asm
-cd ..\..\..
-
-echo on
diff --git a/src/lib/libssl/src/openssl.spec b/src/lib/libssl/src/openssl.spec
index 0d86222e43..44147ce64a 100644
--- a/src/lib/libssl/src/openssl.spec
+++ b/src/lib/libssl/src/openssl.spec
@@ -1,8 +1,5 @@
 %define _unpackaged_files_terminate_build 0
-%define libmaj 1
-%define libmin 0
-%define librel 1
-%define librev c
+
 Release: 1
 
 %define openssldir /var/ssl
@@ -10,9 +7,9 @@ Release: 1
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
 #Version: %{libmaj}.%{libmin}.%{librel}
-Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+Version: 1.0.1g
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-Copyright: Freely distributable
+License: OpenSSL
 Group: System Environment/Libraries
 Provides: SSL
 URL: http://www.openssl.org/
diff --git a/src/lib/libssl/src/os2/OS2-EMX.cmd b/src/lib/libssl/src/os2/OS2-EMX.cmd
deleted file mode 100644
index 5924b50b6d..0000000000
--- a/src/lib/libssl/src/os2/OS2-EMX.cmd
+++ /dev/null
@@ -1,102 +0,0 @@
-@echo off
-
-perl Configure OS2-EMX
-perl util\mkfiles.pl > MINFO
-
-@rem create make file
-perl util\mk1mf.pl OS2-EMX > OS2-EMX.mak
-perl util\mk1mf.pl dll OS2-EMX > OS2-EMX-DLL.mak
-
-echo Generating export definition files
-perl util\mkdef.pl crypto OS2 > os2\crypto.def
-perl util\mkdef.pl ssl OS2 > os2\ssl.def
-
-echo Generating x86 for GNU assember
-
-echo Bignum
-cd crypto\bn\asm
-rem perl x86.pl a.out > bn-os2.asm
-perl bn-586.pl a.out > bn-os2.asm 
-perl co-586.pl a.out > co-os2.asm 
-cd ..\..\..
-
-echo DES
-cd crypto\des\asm
-perl des-586.pl a.out > d-os2.asm
-cd ..\..\..
-
-echo crypt(3)
-cd crypto\des\asm
-perl crypt586.pl a.out > y-os2.asm
-cd ..\..\..
-
-echo Blowfish
-cd crypto\bf\asm
-perl bf-586.pl a.out > b-os2.asm
-cd ..\..\..
-
-echo CAST5
-cd crypto\cast\asm
-perl cast-586.pl a.out > c-os2.asm
-cd ..\..\..
-
-echo RC4
-cd crypto\rc4\asm
-perl rc4-586.pl a.out > r4-os2.asm
-cd ..\..\..
-
-echo MD5
-cd crypto\md5\asm
-perl md5-586.pl a.out > m5-os2.asm
-cd ..\..\..
-
-echo SHA1
-cd crypto\sha\asm
-perl sha1-586.pl a.out > s1-os2.asm
-cd ..\..\..
-
-echo RIPEMD160
-cd crypto\ripemd\asm
-perl rmd-586.pl a.out > rm-os2.asm
-cd ..\..\..
-
-echo RC5\32
-cd crypto\rc5\asm
-perl rc5-586.pl a.out > r5-os2.asm
-cd ..\..\..
-
-cd os2
-
-if exist noname\backward_ssl.def goto nomkdir
-mkdir noname
-:nomkdir
-
-perl backwardify.pl             crypto.def      >backward_crypto.def
-perl backwardify.pl             ssl.def         >backward_ssl.def
-perl backwardify.pl -noname     crypto.def      >noname\backward_crypto.def
-perl backwardify.pl -noname     ssl.def         >noname\backward_ssl.def
-
-echo Creating backward compatibility forwarder dlls:
-echo  crypto.dll
-gcc -Zomf -Zdll -Zcrtdll -o crypto.dll backward_crypto.def 2>&1 | grep -v L4085
-echo  ssl.dll
-gcc -Zomf -Zdll -Zcrtdll -o ssl.dll backward_ssl.def 2>&1 | grep -v L4085
-
-echo Creating smaller backward compatibility forwarder dlls:
-echo These DLLs are not good for runtime resolution of symbols.
-echo  noname\crypto.dll
-gcc -Zomf -Zdll -Zcrtdll -o noname/crypto.dll noname/backward_crypto.def 2>&1 | grep -v L4085
-echo  noname\ssl.dll
-gcc -Zomf -Zdll -Zcrtdll -o noname/ssl.dll noname/backward_ssl.def 2>&1 | grep -v L4085
-
-echo Compressing forwarders (it is ok if lxlite is not found):
-lxlite *.dll noname/*.dll
-
-cd ..
-
-echo Now run:
-echo For static build:
-echo  make -f OS2-EMX.mak
-echo For dynamic build:
-echo  make -f OS2-EMX-DLL.mak
-echo then rename crypto.dll to cryptssl.dll, ssl.dll to open_ssl.dll
diff --git a/src/lib/libssl/src/os2/backwardify.pl b/src/lib/libssl/src/os2/backwardify.pl
deleted file mode 100644
index 272423c8fa..0000000000
--- a/src/lib/libssl/src/os2/backwardify.pl
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/perl -w
-use strict;
-
-# Use as $0
-# Use as $0 -noname
-
-my $did_library;
-my $did_description;
-my $do_exports;
-my @imports;
-my $noname = (@ARGV and $ARGV[0] eq '-noname' and shift);
-while (<>) {
-  unless ($did_library) {
-    s/\b(cryptssl)\b/crypto/ and $did_library = $1 if /^LIBRARY\s+cryptssl\b/;
-    s/\b(open_ssl)\b/ssl/    and $did_library = $1 if /^LIBRARY\s+open_ssl\b/;
-  }
-  unless ($did_description) {
-    s&^(DESCRIPTION\s+(['"])).*&${1}\@#www.openssl.org/:#\@forwarder DLL for pre-0.9.7c+ OpenSSL to the new dll naming scheme$2& and $did_description++;
-  }
-  if ($do_exports) {{
-    last unless /\S/;
-    warn, last unless /^ \s* ( \w+ ) \s+ \@(\d+)\s*$/x;
-    push @imports, [$1, $2];
-    s/$/ NONAME/ if $noname;
-  }}
-  $do_exports++ if not $do_exports and /^EXPORTS/;
-  print $_;
-}
-print "IMPORTS\n";
-for my $imp (@imports) {
-  print "\t$imp->[0]=$did_library.$imp->[1]\n";
-}
diff --git a/src/lib/libssl/src/ssl/Makefile b/src/lib/libssl/src/ssl/Makefile
index feaf3e358a..debe07405b 100644
--- a/src/lib/libssl/src/ssl/Makefile
+++ b/src/lib/libssl/src/ssl/Makefile
@@ -22,7 +22,7 @@ LIB=$(TOP)/libssl.a
 SHARED_LIB= libssl$(SHLIB_EXT)
 LIBSRC= \
         s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
-        s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+        s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
         s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
         t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
         d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  d1_pkt.c \
@@ -33,7 +33,7 @@ LIBSRC=	\
         bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c
 LIBOBJ= \
         s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
-        s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+        s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
         s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
         t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
         d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  d1_pkt.o \
@@ -547,6 +547,26 @@ s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
+s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_cbc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h
 s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
diff --git a/src/lib/libssl/src/ssl/d1_both.c b/src/lib/libssl/src/ssl/d1_both.c
index e4b718efa7..2e8cf681ed 100644
--- a/src/lib/libssl/src/ssl/d1_both.c
+++ b/src/lib/libssl/src/ssl/d1_both.c
@@ -220,7 +220,6 @@ dtls1_hm_fragment_free(hm_fragment *frag)
                 EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
                 EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
                 }
-
         if (frag->fragment) OPENSSL_free(frag->fragment);
         if (frag->reassembly) OPENSSL_free(frag->reassembly);
         OPENSSL_free(frag);
@@ -320,9 +319,10 @@ int dtls1_do_write(SSL *s, int type)
                                 s->init_off -= DTLS1_HM_HEADER_LENGTH;
                                 s->init_num += DTLS1_HM_HEADER_LENGTH;
 
-                                /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
-                                if ( len <= DTLS1_HM_HEADER_LENGTH)  
-                                        len += DTLS1_HM_HEADER_LENGTH;
+                                if ( s->init_num > curr_mtu)
+                                        len = curr_mtu;
+                                else
+                                        len = s->init_num;
                                 }
 
                         dtls1_fix_message_header(s, frag_off, 
diff --git a/src/lib/libssl/src/ssl/d1_clnt.c b/src/lib/libssl/src/ssl/d1_clnt.c
index a6ed09c51d..48e5e06bde 100644
--- a/src/lib/libssl/src/ssl/d1_clnt.c
+++ b/src/lib/libssl/src/ssl/d1_clnt.c
@@ -538,13 +538,6 @@ int dtls1_connect(SSL *s)
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
 
-#ifndef OPENSSL_NO_SCTP
-                        /* Change to new shared key of SCTP-Auth,
-                         * will be ignored if no SCTP used.
-                         */
-                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
-#endif
-
                         s->state=SSL3_ST_CW_FINISHED_A;
                         s->init_num=0;
 
@@ -571,6 +564,16 @@ int dtls1_connect(SSL *s)
                                 goto end;
                                 }
                         
+#ifndef OPENSSL_NO_SCTP
+                                if (s->hit)
+                                        {
+                                        /* Change to new shared key of SCTP-Auth,
+                                         * will be ignored if no SCTP used.
+                                         */
+                                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                                        }
+#endif
+
                         dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
                         break;
 
@@ -613,6 +616,13 @@ int dtls1_connect(SSL *s)
                                 }
                         else
                                 {
+#ifndef OPENSSL_NO_SCTP
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
                                 /* Allow NewSessionTicket if ticket expected */
                                 if (s->tlsext_ticket_expected)
@@ -773,7 +783,7 @@ int dtls1_client_hello(SSL *s)
         unsigned char *buf;
         unsigned char *p,*d;
         unsigned int i,j;
-        unsigned long Time,l;
+        unsigned long l;
         SSL_COMP *comp;
 
         buf=(unsigned char *)s->init_buf->data;
@@ -798,13 +808,11 @@ int dtls1_client_hello(SSL *s)
 
                 /* if client_random is initialized, reuse it, we are
                  * required to use same upon reply to HelloVerify */
-                for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
+                for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++)
+                        ;
                 if (i==sizeof(s->s3->client_random))
-                        {
-                        Time=(unsigned long)time(NULL); /* Time */
-                        l2n(Time,p);
-                        RAND_pseudo_bytes(p,sizeof(s->s3->client_random)-4);
-                        }
+                        ssl_fill_hello_random(s, 0, p,
+                                              sizeof(s->s3->client_random));
 
                 /* Do the message type and length last */
                 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
diff --git a/src/lib/libssl/src/ssl/d1_pkt.c b/src/lib/libssl/src/ssl/d1_pkt.c
index cfe4524553..8186462d4a 100644
--- a/src/lib/libssl/src/ssl/d1_pkt.c
+++ b/src/lib/libssl/src/ssl/d1_pkt.c
@@ -455,7 +455,7 @@ printf("\n");
                      orig_len < mac_size+1))
                         {
                         al=SSL_AD_DECODE_ERROR;
-                        SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                         goto f_err;
                         }
 
@@ -480,7 +480,7 @@ printf("\n");
                         }
 
                 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
-                if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0)
+                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
                         enc_err = -1;
                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
                         enc_err = -1;
@@ -847,6 +847,12 @@ start:
                         }
                 }
 
+        if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
+                {
+                rr->length = 0;
+                goto start;
+                }
+
         /* we now have a packet which can be read and processed */
 
         if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
@@ -1051,6 +1057,7 @@ start:
                         !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                         !s->s3->renegotiate)
                         {
+                        s->d1->handshake_read_seq++;
                         s->new_session = 1;
                         ssl3_renegotiate(s);
                         if (ssl3_renegotiate_check(s))
diff --git a/src/lib/libssl/src/ssl/d1_srvr.c b/src/lib/libssl/src/ssl/d1_srvr.c
index 29421da9aa..9975e20873 100644
--- a/src/lib/libssl/src/ssl/d1_srvr.c
+++ b/src/lib/libssl/src/ssl/d1_srvr.c
@@ -276,10 +276,11 @@ int dtls1_accept(SSL *s)
                 case SSL3_ST_SW_HELLO_REQ_B:
 
                         s->shutdown=0;
+                        dtls1_clear_record_buffer(s);
                         dtls1_start_timer(s);
                         ret=dtls1_send_hello_request(s);
                         if (ret <= 0) goto end;
-                        s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
+                        s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
                         s->state=SSL3_ST_SW_FLUSH;
                         s->init_num=0;
 
@@ -721,10 +722,13 @@ int dtls1_accept(SSL *s)
                         if (ret <= 0) goto end;
 
 #ifndef OPENSSL_NO_SCTP
-                        /* Change to new shared key of SCTP-Auth,
-                         * will be ignored if no SCTP used.
-                         */
-                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                        if (!s->hit)
+                                {
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+                                }
 #endif
 
                         s->state=SSL3_ST_SW_FINISHED_A;
@@ -749,7 +753,16 @@ int dtls1_accept(SSL *s)
                         if (ret <= 0) goto end;
                         s->state=SSL3_ST_SW_FLUSH;
                         if (s->hit)
+                                {
                                 s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
+
+#ifndef OPENSSL_NO_SCTP
+                                /* Change to new shared key of SCTP-Auth,
+                                 * will be ignored if no SCTP used.
+                                 */
+                                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+                                }
                         else
                                 {
                                 s->s3->tmp.next_state=SSL_ST_OK;
@@ -912,15 +925,13 @@ int dtls1_send_server_hello(SSL *s)
         unsigned char *p,*d;
         int i;
         unsigned int sl;
-        unsigned long l,Time;
+        unsigned long l;
 
         if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
                 {
                 buf=(unsigned char *)s->init_buf->data;
                 p=s->s3->server_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+                ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE);
                 /* Do the message type and length last */
                 d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h
index 5008bf6081..e65d501191 100644
--- a/src/lib/libssl/src/ssl/dtls1.h
+++ b/src/lib/libssl/src/ssl/dtls1.h
@@ -57,8 +57,8 @@
  *
  */
 
-#ifndef HEADER_DTLS1_H 
-#define HEADER_DTLS1_H 
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H
 
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
@@ -72,8 +72,12 @@
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else
 #include <sys/time.h>
 #endif
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/src/lib/libssl/src/ssl/install-ssl.com b/src/lib/libssl/src/ssl/install-ssl.com
deleted file mode 100755
index afe6967f85..0000000000
--- a/src/lib/libssl/src/ssl/install-ssl.com
+++ /dev/null
@@ -1,136 +0,0 @@
-$! INSTALL-SSL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1  root of the directory tree
-$! P2  "64" for 64-bit pointers.
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$ on error then goto tidy
-$ on control_c then goto tidy
-$!
-$ if p1 .eqs. ""
-$ then
-$   write sys$output "First argument missing."
-$   write sys$output -
-     "It should be the directory where you want things installed."
-$   exit
-$ endif
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$     arch = "VAX"
-$ else
-$     arch = f$edit( f$getsyi( "arch_name"), "upcase")
-$     if (arch .eqs. "") then arch = "UNK"
-$ endif
-$!
-$ archd = arch
-$ lib32 = "32"
-$ shr = "_SHR32"
-$!
-$ if (p2 .nes. "")
-$ then
-$   if (p2 .eqs. "64")
-$   then
-$     archd = arch+ "_64"
-$     lib32 = ""
-$     shr = "_SHR"
-$   else
-$     if (p2 .nes. "32")
-$     then
-$       write sys$output "Second argument invalid."
-$       write sys$output "It should be "32", "64", or nothing."
-$       exit
-$     endif
-$   endif
-$ endif
-$!
-$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
-$ root_dev = f$parse(root,,,"device","syntax_only")
-$ root_dir = f$parse(root,,,"directory","syntax_only") - -
-   "[000000." - "][" - "[" - "]"
-$ root = root_dev + "[" + root_dir
-$!
-$ define /nolog wrk_sslroot 'root'.] /trans=conc
-$ define /nolog wrk_sslinclude wrk_sslroot:[include]
-$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
-$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
-$!
-$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
-   create /directory /log wrk_sslroot:[000000]
-$ if f$parse("wrk_sslinclude:") .eqs. "" then -
-   create /directory /log wrk_sslinclude:
-$ if f$parse("wrk_sslxexe:") .eqs. "" then -
-   create /directory /log wrk_sslxexe:
-$ if f$parse("wrk_sslxlib:") .eqs. "" then -
-   create /directory /log wrk_sslxlib:
-$!
-$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
-$ e_exe := ssl_task
-$ libs := ssl_libssl
-$!
-$ xexe_dir := [-.'archd'.exe.ssl]
-$!
-$ copy /protection = w:re 'exheader' wrk_sslinclude: /log
-$!
-$ i = 0
-$ loop_exe:
-$   e = f$edit( f$element( i, ",", e_exe), "trim")
-$   i = i + 1
-$   if e .eqs. "," then goto loop_exe_end
-$   set noon
-$   file = xexe_dir+ e+ ".exe"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxexe: /log
-$   endif
-$   set on
-$ goto loop_exe
-$ loop_exe_end:
-$!
-$ i = 0
-$ loop_lib: 
-$   e = f$edit(f$element(i, ",", libs),"trim")
-$   i = i + 1
-$   if e .eqs. "," then goto loop_lib_end
-$   set noon
-$! Object library.
-$   file = xexe_dir+ e+ lib32+ ".olb"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$! Shareable image.
-$   file = xexe_dir+ e+ shr+ ".exe"
-$   if f$search( file) .nes. ""
-$   then
-$     copy /protection = w:re 'file' wrk_sslxlib: /log
-$   endif
-$   set on
-$ goto loop_lib
-$ loop_lib_end:
-$!
-$ tidy:
-$!
-$ call deass wrk_sslroot
-$ call deass wrk_sslinclude
-$ call deass wrk_sslxexe
-$ call deass wrk_sslxlib
-$!
-$ exit
-$!
-$ deass: subroutine
-$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
-$ then
-$   deassign /process 'p1'
-$ endif
-$ endsubroutine
-$!
diff --git a/src/lib/libssl/src/ssl/install.com b/src/lib/libssl/src/ssl/install.com
deleted file mode 100644
index 7f56067599..0000000000
--- a/src/lib/libssl/src/ssl/install.com
+++ /dev/null
@@ -1,90 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1   root of the directory tree
-$!
-$       IF P1 .EQS. ""
-$       THEN
-$           WRITE SYS$OUTPUT "First argument missing."
-$           WRITE SYS$OUTPUT -
-                  "It should be the directory where you want things installed."
-$           EXIT
-$       ENDIF
-$
-$       IF (F$GETSYI("CPU").LT.128)
-$       THEN
-$           ARCH := VAX
-$       ELSE
-$           ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$           IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$       ENDIF
-$
-$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$       DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB]
-$       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$       DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE]
-$
-$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$       IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLXLIB:
-$       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLINCLUDE:
-$       IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
-           CREATE/DIR/LOG WRK_SSLXEXE:
-$
-$       EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
-$       E_EXE := ssl_task
-$       LIBS := LIBSSL
-$
-$       XEXE_DIR := [-.'ARCH'.EXE.SSL]
-$
-$       COPY 'EXHEADER' WRK_SSLINCLUDE:/LOG
-$       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
-$
-$       I = 0
-$ LOOP_EXE: 
-$       E = F$EDIT(F$ELEMENT(I, ",", E_EXE),"TRIM")
-$       I = I + 1
-$       IF E .EQS. "," THEN GOTO LOOP_EXE_END
-$       SET NOON
-$       IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'XEXE_DIR''E'.EXE WRK_SSLXEXE:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLXEXE:'E'.EXE
-$       ENDIF
-$       SET ON
-$       GOTO LOOP_EXE
-$ LOOP_EXE_END:
-$
-$       I = 0
-$ LOOP_LIB: 
-$       E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$       I = I + 1
-$       IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$       SET NOON
-$! Object library.
-$       IF F$SEARCH(XEXE_DIR+E+".OLB") .NES. ""
-$       THEN
-$         COPY 'XEXE_DIR''E'.OLB WRK_SSLXLIB:'E'.OLB/log
-$         SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.OLB
-$       ENDIF
-$! Shareable image.
-$       IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
-$       THEN
-$         COPY 'XEXE_DIR''E'.EXE WRK_SSLXLIB:'E'.EXE/log
-$         SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.EXE
-$       ENDIF
-$       SET ON
-$       GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$       EXIT
diff --git a/src/lib/libssl/src/ssl/kssl.h b/src/lib/libssl/src/ssl/kssl.h
index 8242fd5eeb..e4df843073 100644
--- a/src/lib/libssl/src/ssl/kssl.h
+++ b/src/lib/libssl/src/ssl/kssl.h
@@ -70,6 +70,15 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <krb5.h>
+#ifdef OPENSSL_SYS_WIN32
+/* These can sometimes get redefined indirectly by krb5 header files
+ * after they get undefed in ossl_typ.h
+ */
+#undef X509_NAME
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
diff --git a/src/lib/libssl/src/ssl/s23_clnt.c b/src/lib/libssl/src/ssl/s23_clnt.c
index 47673e740a..2b93c639dd 100644
--- a/src/lib/libssl/src/ssl/s23_clnt.c
+++ b/src/lib/libssl/src/ssl/s23_clnt.c
@@ -269,12 +269,35 @@ static int ssl23_no_ssl2_ciphers(SSL *s)
         return 1;
         }
 
+/* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0
+ * on failure, 1 on success. */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len)
+        {
+        int send_time = 0;
+
+        if (len < 4)
+                return 0;
+        if (server)
+                send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+        else
+                send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+        if (send_time)
+                {
+                unsigned long Time = (unsigned long)time(NULL);
+                unsigned char *p = result;
+                l2n(Time, p);
+                return RAND_pseudo_bytes(p, len-4);
+                }
+        else
+                return RAND_pseudo_bytes(result, len);
+        }
+
 static int ssl23_client_hello(SSL *s)
         {
         unsigned char *buf;
         unsigned char *p,*d;
         int i,ch_len;
-        unsigned long Time,l;
+        unsigned long l;
         int ssl2_compat;
         int version = 0, version_major, version_minor;
 #ifndef OPENSSL_NO_COMP
@@ -355,9 +378,7 @@ static int ssl23_client_hello(SSL *s)
 #endif
 
                 p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);         /* Time */
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
                         return -1;
 
                 if (version == TLS1_2_VERSION)
diff --git a/src/lib/libssl/src/ssl/s2_clnt.c b/src/lib/libssl/src/ssl/s2_clnt.c
index c65d27946f..03b6cf9673 100644
--- a/src/lib/libssl/src/ssl/s2_clnt.c
+++ b/src/lib/libssl/src/ssl/s2_clnt.c
@@ -359,12 +359,14 @@ static int get_server_hello(SSL *s)
                                         SSL_R_PEER_ERROR);
                         return(-1);
                         }
-#ifdef __APPLE_CC__
-                /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
-                 * workaround. <appro@fy.chalmers.se> */
-                s->hit=(i=*(p++))?1:0;
-#else
+#if 0
                 s->hit=(*(p++))?1:0;
+                /* Some [PPC?] compilers fail to increment p in above
+                   statement, e.g. one provided with Rhapsody 5.5, but
+                   most recent example XL C 11.1 for AIX, even without
+                   optimization flag... */
+#else
+                s->hit=(*p)?1:0; p++;
 #endif
                 s->s2->tmp.cert_type= *(p++);
                 n2s(p,i);
@@ -937,7 +939,7 @@ static int get_server_verify(SSL *s)
                 s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
         p += 1;
 
-        if (timingsafe_bcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+        if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
                 {
                 ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                 SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
diff --git a/src/lib/libssl/src/ssl/s2_pkt.c b/src/lib/libssl/src/ssl/s2_pkt.c
index b6ac9caf4a..8bb6ab8baa 100644
--- a/src/lib/libssl/src/ssl/s2_pkt.c
+++ b/src/lib/libssl/src/ssl/s2_pkt.c
@@ -269,7 +269,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
                         s->s2->ract_data_length-=mac_size;
                         ssl2_mac(s,mac,0);
                         s->s2->ract_data_length-=s->s2->padding;
-                        if (    (timingsafe_bcmp(mac,s->s2->mac_data,mac_size) != 0) ||
+                        if (    (CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
                                 (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
                                 {
                                 SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
diff --git a/src/lib/libssl/src/ssl/s2_srvr.c b/src/lib/libssl/src/ssl/s2_srvr.c
index bc885e8e7f..2cba426bb7 100644
--- a/src/lib/libssl/src/ssl/s2_srvr.c
+++ b/src/lib/libssl/src/ssl/s2_srvr.c
@@ -1059,10 +1059,12 @@ static int request_certificate(SSL *s)
                 EVP_PKEY *pkey=NULL;
 
                 EVP_MD_CTX_init(&ctx);
-                EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
-                EVP_VerifyUpdate(&ctx,s->s2->key_material,
-                                 s->s2->key_material_length);
-                EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+                if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL)
+                    || !EVP_VerifyUpdate(&ctx,s->s2->key_material,
+                                         s->s2->key_material_length)
+                    || !EVP_VerifyUpdate(&ctx,ccd,
+                                         SSL2_MIN_CERT_CHALLENGE_LENGTH))
+                        goto msg_end;
 
                 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
                 buf2=OPENSSL_malloc((unsigned int)i);
@@ -1073,7 +1075,11 @@ static int request_certificate(SSL *s)
                         }
                 p2=buf2;
                 i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
-                EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
+                if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i))
+                        {
+                        OPENSSL_free(buf2);
+                        goto msg_end;
+                        }
                 OPENSSL_free(buf2);
 
                 pkey=X509_get_pubkey(x509);
diff --git a/src/lib/libssl/src/ssl/s3_both.c b/src/lib/libssl/src/ssl/s3_both.c
index ed0fcfc532..53b9390fdd 100644
--- a/src/lib/libssl/src/ssl/s3_both.c
+++ b/src/lib/libssl/src/ssl/s3_both.c
@@ -206,10 +206,10 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
 /* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
-static void ssl3_take_mac(SSL *s) {
+static void ssl3_take_mac(SSL *s)
+        {
         const char *sender;
         int slen;
-
         /* If no new cipher setup return immediately: other functions will
          * set the appropriate error.
          */
@@ -228,7 +228,7 @@ static void ssl3_take_mac(SSL *s) {
 
         s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
                 sender,slen,s->s3->tmp.peer_finish_md);
-}
+        }
 #endif
 
 int ssl3_get_finished(SSL *s, int a, int b)
@@ -238,8 +238,9 @@ int ssl3_get_finished(SSL *s, int a, int b)
         unsigned char *p;
 
 #ifdef OPENSSL_NO_NEXTPROTONEG
-        /* the mac has already been generated when we received the change
-         * cipher spec message and is in s->s3->tmp.peer_finish_md. */
+        /* the mac has already been generated when we received the
+         * change cipher spec message and is in s->s3->tmp.peer_finish_md.
+         */ 
 #endif
 
         n=s->method->ssl_get_message(s,
@@ -270,7 +271,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                 goto f_err;
                 }
 
-        if (timingsafe_bcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+        if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
                 {
                 al=SSL_AD_DECRYPT_ERROR;
                 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@ -544,12 +545,14 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
                 s->init_num += i;
                 n -= i;
                 }
+
 #ifndef OPENSSL_NO_NEXTPROTONEG
         /* If receiving Finished, record MAC of prior handshake messages for
          * Finished verification. */
         if (*s->init_buf->data == SSL3_MT_FINISHED)
                 ssl3_take_mac(s);
 #endif
+
         /* Feed this message into MAC computation. */
         ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
         if (s->msg_callback)
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index b80d052e1f..a6b3c01afa 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -459,7 +459,6 @@ int ssl3_connect(SSL *s)
                                 SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                         if (ret <= 0) goto end;
 
-
 #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
                         s->state=SSL3_ST_CW_FINISHED_A;
 #else
@@ -656,7 +655,7 @@ int ssl3_client_hello(SSL *s)
         unsigned char *buf;
         unsigned char *p,*d;
         int i;
-        unsigned long Time,l;
+        unsigned long l;
 #ifndef OPENSSL_NO_COMP
         int j;
         SSL_COMP *comp;
@@ -681,9 +680,8 @@ int ssl3_client_hello(SSL *s)
                 /* else use the pre-loaded session */
 
                 p=s->s3->client_random;
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+
+                if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0)
                         goto err;
 
                 /* Do the message type and length last */
@@ -987,7 +985,10 @@ int ssl3_get_server_hello(SSL *s)
          * client authentication.
          */
         if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s))
+                {
+                al = SSL_AD_INTERNAL_ERROR;
                 goto f_err;
+                }
         /* lets get the compression algorithm */
         /* COMPRESSION */
 #ifdef OPENSSL_NO_COMP
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c
index b73b5ac87f..c4ef2738d7 100644
--- a/src/lib/libssl/src/ssl/s3_lib.c
+++ b/src/lib/libssl/src/ssl/s3_lib.c
@@ -1125,7 +1125,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0, /* not implemented (non-ephemeral DH) */
         TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
         TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES128,
         SSL_SHA256,
@@ -1407,7 +1407,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0, /* not implemented (non-ephemeral DH) */
         TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
         TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES256,
         SSL_SHA256,
@@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_3DES,
         SSL_SHA1,
         SSL_TLSV1,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
         168,
         168,
@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_AES128,
         SSL_SHA1,
         SSL_TLSV1,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
         128,
         128,
@@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         SSL_AES256,
         SSL_SHA1,
         SSL_TLSV1,
-        SSL_NOT_EXP|SSL_HIGH,
+        SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
         SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
         256,
         256,
@@ -1958,7 +1958,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0,
         TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
         TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES128GCM,
         SSL_AEAD,
@@ -1974,7 +1974,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         0,
         TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
         TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
-        SSL_kDHr,
+        SSL_kDHd,
         SSL_aDH,
         SSL_AES256GCM,
         SSL_AEAD,
@@ -2669,7 +2669,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
         TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES128,
         SSL_SHA256,
@@ -2685,7 +2685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
         TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES256,
         SSL_SHA384,
@@ -2799,7 +2799,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
         TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES128GCM,
         SSL_AEAD,
@@ -2815,7 +2815,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
         1,
         TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
         TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
-        SSL_kECDHe,
+        SSL_kECDHr,
         SSL_aECDH,
         SSL_AES256GCM,
         SSL_AEAD,
@@ -3037,6 +3037,11 @@ void ssl3_clear(SSL *s)
                 s->s3->tmp.ecdh = NULL;
                 }
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+        s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
         rp = s->s3->rbuf.buf;
         wp = s->s3->wbuf.buf;
@@ -4016,6 +4021,13 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                 ii=sk_SSL_CIPHER_find(allow,c);
                 if (ii >= 0)
                         {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+                        if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+                                {
+                                if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+                                continue;
+                                }
+#endif
                         ret=sk_SSL_CIPHER_value(allow,ii);
                         break;
                         }
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index 722ed9a858..96ba63262e 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -335,7 +335,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
                         if (version != s->version)
                                 {
                                 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
-                                if ((s->version & 0xFF00) == (version & 0xFF00))
+                                if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash)
                                         /* Send back error using their minor version number :-) */
                                         s->version = (unsigned short)version;
                                 al=SSL_AD_PROTOCOL_VERSION;
@@ -407,7 +407,7 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
         if (enc_err == 0)
                 {
                 al=SSL_AD_DECRYPTION_FAILED;
-                SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+                SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
                 goto f_err;
                 }
 
@@ -467,7 +467,7 @@ printf("\n");
                         }
 
                 i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
-                if (i < 0 || mac == NULL || timingsafe_bcmp(md, mac, (size_t)mac_size) != 0)
+                if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
                         enc_err = -1;
                 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
                         enc_err = -1;
@@ -748,6 +748,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
          * bytes and record version number > TLS 1.0
          */
         if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+                                && !s->renegotiate
                                 && TLS1_get_version(s) > TLS1_VERSION)
                 *(p++) = 0x1;
         else
@@ -1054,7 +1055,7 @@ start:
                                 {
                                 s->rstate=SSL_ST_READ_HEADER;
                                 rr->off=0;
-                                if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+                                if (s->mode & SSL_MODE_RELEASE_BUFFERS)
                                         ssl3_release_read_buffer(s);
                                 }
                         }
@@ -1242,7 +1243,7 @@ start:
                                 goto f_err;
                                 }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
-                        if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                        else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
                                 return(0);
 #endif
                         }
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index 118939fabb..9ac19c05f2 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -191,7 +191,8 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
                 {
                 if(s->srp_ctx.login == NULL)
                         {
-                        /* There isn't any srp login extension !!! */
+                        /* RFC 5054 says SHOULD reject, 
+                           we do so if There is no srp login name */
                         ret = SSL3_AL_FATAL;
                         *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
                         }
@@ -378,6 +379,7 @@ int ssl3_accept(SSL *s)
                                 }
                         }
 #endif          
+                        
                         s->renegotiate = 2;
                         s->state=SSL3_ST_SW_SRVR_HELLO_A;
                         s->init_num=0;
@@ -956,7 +958,8 @@ int ssl3_get_client_hello(SSL *s)
             (s->version != DTLS1_VERSION && s->client_version < s->version))
                 {
                 SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
-                if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
+                if ((s->client_version>>8) == SSL3_VERSION_MAJOR && 
+                        !s->enc_write_ctx && !s->write_hash)
                         {
                         /* similar to ssl3_get_record, send alert using remote version number */
                         s->version = s->client_version;
@@ -1181,7 +1184,7 @@ int ssl3_get_client_hello(SSL *s)
                         goto f_err;
                         }
                 }
-                if (ssl_check_clienthello_tlsext(s) <= 0) {
+                if (ssl_check_clienthello_tlsext_early(s) <= 0) {
                         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
                         goto err;
                 }
@@ -1191,12 +1194,9 @@ int ssl3_get_client_hello(SSL *s)
          * server_random before calling tls_session_secret_cb in order to allow
          * SessionTicket processing to use it in key derivation. */
         {
-                unsigned long Time;
                 unsigned char *pos;
-                Time=(unsigned long)time(NULL);                 /* Time */
                 pos=s->s3->server_random;
-                l2n(Time,pos);
-                if (RAND_pseudo_bytes(pos,SSL3_RANDOM_SIZE-4) <= 0)
+                if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0)
                         {
                         al=SSL_AD_INTERNAL_ERROR;
                         goto f_err;
@@ -1389,7 +1389,10 @@ int ssl3_get_client_hello(SSL *s)
         if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER))
                 {
                 if (!ssl3_digest_cached_records(s))
+                        {
+                        al = SSL_AD_INTERNAL_ERROR;
                         goto f_err;
+                        }
                 }
         
         /* we now have the following setup. 
@@ -1403,6 +1406,16 @@ int ssl3_get_client_hello(SSL *s)
          * s->tmp.new_cipher    - the new cipher to use.
          */
 
+        /* Handles TLS extensions that we couldn't check earlier */
+        if (s->version >= SSL3_VERSION)
+                {
+                if (ssl_check_clienthello_tlsext_late(s) <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+                        goto err;
+                        }
+                }
+
         if (ret < 0) ret=1;
         if (0)
                 {
@@ -1420,19 +1433,13 @@ int ssl3_send_server_hello(SSL *s)
         unsigned char *p,*d;
         int i,sl;
         unsigned long l;
-#ifdef OPENSSL_NO_TLSEXT
-        unsigned long Time;
-#endif
 
         if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
                 {
                 buf=(unsigned char *)s->init_buf->data;
 #ifdef OPENSSL_NO_TLSEXT
                 p=s->s3->server_random;
-                /* Generate server_random if it was not needed previously */
-                Time=(unsigned long)time(NULL);                 /* Time */
-                l2n(Time,p);
-                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
+                if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0)
                         return -1;
 #endif
                 /* Do the message type and length last */
@@ -1823,7 +1830,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                         SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
                         goto f_err;
                         }
-                for (i=0; r[i] != NULL && i<4; i++)
+                for (i=0; i < 4 && r[i] != NULL; i++)
                         {
                         nr[i]=BN_num_bytes(r[i]);
 #ifndef OPENSSL_NO_SRP
@@ -1859,7 +1866,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                 d=(unsigned char *)s->init_buf->data;
                 p= &(d[4]);
 
-                for (i=0; r[i] != NULL && i<4; i++)
+                for (i=0; i < 4 && r[i] != NULL; i++)
                         {
 #ifndef OPENSSL_NO_SRP
                         if ((i == 2) && (type & SSL_kSRP))
diff --git a/src/lib/libssl/src/ssl/ssl-lib.com b/src/lib/libssl/src/ssl/ssl-lib.com
deleted file mode 100644
index a77f7707f2..0000000000
--- a/src/lib/libssl/src/ssl/ssl-lib.com
+++ /dev/null
@@ -1,1214 +0,0 @@
-$!
-$!  SSL-LIB.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!
-$!  This command file compiles and creates the "[.xxx.EXE.SSL]LIBSSL.OLB" 
-$!  library for OpenSSL.  The "xxx" denotes the machine architecture of
-$!  ALPHA, IA64 or VAX.
-$!
-$!  It is written to detect what type of machine you are compiling on
-$!  (i.e. ALPHA or VAX) and which "C" compiler you have (i.e. VAXC, DECC 
-$!  or GNU C) or you can specify which compiler to use.
-$!
-$!  Specify the following as P1 to build just that part or ALL to just
-$!  build everything.
-$!
-$!              LIBRARY    To just compile the [.xxx.EXE.SSL]LIBSSL.OLB Library.
-$!              SSL_TASK   To just compile the [.xxx.EXE.SSL]SSL_TASK.EXE
-$!
-$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
-$!  information.
-$!
-$!  Specify which compiler at P3 to try to compile under.
-$!
-$!         VAXC  For VAX C.
-$!         DECC  For DEC C.
-$!         GNUC  For GNU C.
-$!
-$!  If you don't specify a compiler, it will try to determine which
-$!  "C" compiler to use.
-$!
-$!  P4, if defined, sets a TCP/IP library to use, through one of the following
-$!  keywords:
-$!
-$!      UCX             for UCX
-$!      TCPIP           for TCPIP (post UCX)
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
-$!
-$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!  P6, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE)
-$!      32       Compile with /POINTER_SIZE=32 (SHORT)
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P7, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That Is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check What Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$!  The Architecture Is VAX.
-$!
-$   ARCH = "VAX"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$   ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$   IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Define The OBJ and EXE Directories.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.SSL]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.SSL]
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$!  It Dosen't Exist, So Create It.
-$!
-$   CREATE/DIR 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ SSL_LIB := 'EXE_DIR'SSL_LIBSSL'LIB32'.OLB
-$!
-$! Define The CRYPTO-LIB We Are To Use.
-$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Set up exceptional compilations.
-$!
-$ CC5_SHOWN = 0
-$!
-$! Check To See What We Are To Do.
-$!
-$ IF (BUILDALL.EQS."TRUE")
-$ THEN
-$!
-$!  Since Nothing Special Was Specified, Do Everything.
-$!
-$   GOSUB LIBRARY
-$   GOSUB SSL_TASK
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Build Just What The User Wants Us To Build.
-$!
-$   GOSUB 'BUILDALL'
-$!
-$! End The BUILDALL Check.
-$!
-$ ENDIF
-$!
-$! Time To EXIT.
-$!
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT   
-$!
-$! Compile The Library.
-$!
-$ LIBRARY:
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library...
-$!
-$ IF (F$SEARCH(SSL_LIB).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$   LIBRARY/CREATE/OBJECT 'SSL_LIB'
-$!
-$! End The Library Exist Check.
-$!
-$ ENDIF
-$!
-$! Define The Different SSL "library" Files.
-$!
-$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
-            "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
-            "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
-            "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
-            "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
-            "d1_both,d1_enc,d1_srtp,"+ -
-            "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
-            "ssl_ciph,ssl_stat,ssl_rsa,"+ -
-            "ssl_asn1,ssl_txt,ssl_algs,"+ -
-            "bio_ssl,ssl_err,kssl,tls_srp,t1_reneg"
-$!
-$ COMPILEWITH_CC5 = ""
-$!
-$! Tell The User That We Are Compiling The Library.
-$!
-$ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library."
-$!
-$! Define A File Counter And Set It To "0"
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Is Actually There.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The File Exists Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What File We Are Compiling.
-$!
-$ WRITE SYS$OUTPUT "    ",FILE_NAME,".c"
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$!
-$! Add It To The Library.
-$!
-$ LIBRARY/REPLACE/OBJECT 'SSL_LIB' 'OBJECT_FILE'
-$!
-$! Time To Clean Up The Object File.
-$!
-$ DELETE 'OBJECT_FILE';*
-$!
-$! Go Back And Get The Next File Name.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library.
-$!
-$ FILE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "Library ",SSL_LIB," Compiled."
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$ SSL_TASK:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Is Actually There.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]SSL_TASK.C").EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File SSL_TASK.C Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   EXIT
-$!
-$! End The SSL_TASK.C File Check.
-$!
-$ ENDIF
-$!
-$ COMPILEWITH_CC5 = "" !!! ",ssl_task,"
-$!
-$! Tell The User We Are Creating The SSL_TASK.
-$!
-$! Tell The User We Are Creating The SSL_TASK.
-$!
-$ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."     
-$!
-$!  Tell The User What File We Are Compiling.
-$!
-$ FILE_NAME = "ssl_task"
-$ WRITE SYS$OUTPUT "    ",FILE_NAME,".c"
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO SSL_TASK_END
-$!
-$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
-$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
-$ THEN
-$   if (.not. CC5_SHOWN)
-$   then
-$     CC5_SHOWN = 1
-$     write sys$output "        \Using special rule (5)"
-$     x = "    "+ CC5
-$     write /symbol sys$output x
-$   endif
-$   CC5 /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C
-$ ELSE
-$   CC /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C
-$ ENDIF
-$!
-$! Link The Program.
-$!
-$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_DIR'SSL_TASK.EXE -
-   'OBJ_DIR'SSL_TASK.OBJ, -
-   'SSL_LIB'/LIBRARY, -
-   'CRYPTO_LIB'/LIBRARY -
-   'TCPIP_LIB' -
-   'ZLIB_LIB' -
-   ,'OPT_FILE' /OPTIONS
-$!
-$! Time To Return.
-$!
-$SSL_TASK_END:
-$ RETURN
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$     IF (ARCH.EQS."VAX")
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$ LIB_CHECK:
-$!
-$! Look For The VAX Library LIBSSL.OLB.
-$!
-$ IF (F$SEARCH(SSL_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBSSL.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The LIBSSL.OLB Library Check.
-$!
-$ ENDIF
-$!
-$! Look For The Library LIBCRYPTO.OLB.
-$!
-$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The LIBCRYPTO.OLB Library Check.
-$!
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$!   P1 Is Blank, So Build Everything.
-$!
-$    BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Else, Check To See If P1 Has A Valid Argument.
-$!
-$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
-$   THEN
-$!
-$!    A Valid Argument.
-$!
-$     BUILDALL = P1
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User We Don't Know What They Want.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
-$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
-$     WRITE SYS$OUTPUT "    SSL_TASK :  To Compile Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
-$     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$!  P2 Is NODEBUG, So Compile Without Debugger Information.
-$!
-$   DEBUGGER  = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P2.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER  = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P5.
-$!
-$ IF (P5.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P5 Check.
-$!
-$ ENDIF
-$!
-$! Check P6 (POINTER_SIZE).
-$!
-$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P6 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       POINTER_SIZE = " /POINTER_SIZE=64"
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P6, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"       :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32       :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P6 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[-.CRYPTO],SYS$DISK:[-]"
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P3 = "GNUC"
-$!
-$!  End The GNU C Compiler Check.
-$!
-$   ELSE
-$!
-$!  Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P3 = "DECC"
-$!
-$!      Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P3 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     P4 = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       P4 = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''P4'"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P7
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The ZLIB Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If The User Wanted DECC.
-$!
-$   IF (P3.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC/DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P3.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$     CCDEFS = CCDEFS + ",""VAXC"""
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P3.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
-$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$   ENDIF
-$   CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
-$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$     CC5 = CC3 - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$   ELSE
-$     CC4 = CC
-$     CC5 = CC3
-$   ENDIF
-$!
-$!  Show user the result
-$!
-$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$ ENDIF
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
-     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P4.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P4.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P4 = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P4.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P4.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P4.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with NONE
-$!
-$   ENDIF
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "SSL]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the logical name OPENSSL if it had a value
-$!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
-$!
-$! Done
-$!
-$ RETURN
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index 8b0c2a2dac..7219a0e64b 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -493,6 +493,9 @@ struct ssl_session_st
         char *psk_identity_hint;
         char *psk_identity;
 #endif
+        /* Used to indicate that session resumption is not allowed.
+         * Applications can also set this bit for a new session via
+         * not_resumable_session_cb to disable session caching and tickets. */
         int not_resumable;
 
         /* The cert is the certificate used to establish this connection */
@@ -535,7 +538,7 @@ struct ssl_session_st
 #endif /* OPENSSL_NO_EC */
         /* RFC4507 info */
         unsigned char *tlsext_tick;     /* Session ticket */
-        size_t  tlsext_ticklen;         /* Session ticket length */     
+        size_t tlsext_ticklen;          /* Session ticket length */
         long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
 #ifndef OPENSSL_NO_SRP
@@ -552,11 +555,14 @@ struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
 #define SSL_OP_TLS_D5_BUG                               0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
 
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
  * the workaround is not needed.  Unfortunately some broken SSL/TLS
@@ -638,6 +644,12 @@ struct ssl_session_st
  * TLS only.)  "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
@@ -903,7 +915,7 @@ struct ssl_ctx_st
          */
         unsigned int max_send_fragment;
 
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
         /* Engine to pass requests for client certs to
          */
         ENGINE *client_cert_engine;
@@ -927,6 +939,7 @@ struct ssl_ctx_st
         /* Callback for status request */
         int (*tlsext_status_cb)(SSL *ssl, void *arg);
         void *tlsext_status_arg;
+
         /* draft-rescorla-tls-opaque-prf-input-00.txt information */
         int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
         void *tlsext_opaque_prf_input_callback_arg;
@@ -952,6 +965,7 @@ struct ssl_ctx_st
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
+
 # ifndef OPENSSL_NO_NEXTPROTONEG
         /* Next protocol negotiation information */
         /* (for experimental NPN extension). */
@@ -2206,6 +2220,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_NEW_SESSION                        181
 #define SSL_F_SSL_GET_PREV_SESSION                       217
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317
 #define SSL_F_SSL_GET_SIGN_PKEY                          183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                       184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index 112e627de0..cb8b2492ec 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -539,6 +539,15 @@ typedef struct ssl3_state_st
         /* Set if we saw the Next Protocol Negotiation extension from our peer. */
         int next_proto_neg_seen;
 #endif
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+        /* This is set to true if we believe that this is a version of Safari
+         * running on OS X 10.6 or newer. We wish to know this because Safari
+         * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+        char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
         } SSL3_STATE;
 
 #endif
@@ -578,8 +587,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_CW_NEXT_PROTO_A         (0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B         (0x201|SSL_ST_CONNECT)
+#endif
 #define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -629,8 +640,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_SR_NEXT_PROTO_A         (0x210|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_B         (0x211|SSL_ST_ACCEPT)
+#endif
 #define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@@ -655,7 +668,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CLIENT_KEY_EXCHANGE             16
 #define SSL3_MT_FINISHED                        20
 #define SSL3_MT_CERTIFICATE_STATUS              22
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_MT_NEXT_PROTO                      67
+#endif
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
 
 
diff --git a/src/lib/libssl/src/ssl/ssl_algs.c b/src/lib/libssl/src/ssl/ssl_algs.c
index d443143c59..9c34d19725 100644
--- a/src/lib/libssl/src/ssl/ssl_algs.c
+++ b/src/lib/libssl/src/ssl/ssl_algs.c
@@ -94,6 +94,7 @@ int SSL_library_init(void)
         EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
         EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
 #endif
+
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
         EVP_add_cipher(EVP_camellia_128_cbc());
diff --git a/src/lib/libssl/src/ssl/ssl_cert.c b/src/lib/libssl/src/ssl/ssl_cert.c
index 917be31876..5123a89182 100644
--- a/src/lib/libssl/src/ssl/ssl_cert.c
+++ b/src/lib/libssl/src/ssl/ssl_cert.c
@@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT *cert)
         {
         /* Set digest values to defaults */
 #ifndef OPENSSL_NO_DSA
-        cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+        cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
         cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
         cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-        cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+        cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
         }
 
diff --git a/src/lib/libssl/src/ssl/ssl_ciph.c b/src/lib/libssl/src/ssl/ssl_ciph.c
index 92d1e94d6a..0aba8e048c 100644
--- a/src/lib/libssl/src/ssl/ssl_ciph.c
+++ b/src/lib/libssl/src/ssl/ssl_ciph.c
@@ -312,6 +312,7 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
         {0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
         {0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
+        {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
 
         /* export flag */
         {0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
@@ -1150,9 +1151,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         while ( ((ch >= 'A') && (ch <= 'Z')) ||
                                 ((ch >= '0') && (ch <= '9')) ||
                                 ((ch >= 'a') && (ch <= 'z')) ||
-                                 (ch == '-'))
+                                 (ch == '-') || (ch == '.'))
 #else
-                        while ( isalnum(ch) || (ch == '-'))
+                        while ( isalnum(ch) || (ch == '-') || (ch == '.'))
 #endif
                                  {
                                  ch = *(++l);
diff --git a/src/lib/libssl/src/ssl/ssl_err.c b/src/lib/libssl/src/ssl/ssl_err.c
index 2577c6895a..370fb57e3b 100644
--- a/src/lib/libssl/src/ssl/ssl_err.c
+++ b/src/lib/libssl/src/ssl/ssl_err.c
@@ -228,6 +228,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),   "SSL_GET_NEW_SESSION"},
 {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),  "SSL_GET_PREV_SESSION"},
 {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),      "SSL_GET_SERVER_SEND_CERT"},
+{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),      "SSL_GET_SERVER_SEND_PKEY"},
 {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),     "SSL_GET_SIGN_PKEY"},
 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),  "SSL_INIT_WBIO_BUFFER"},
 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),       "SSL_load_client_CA_file"},
diff --git a/src/lib/libssl/src/ssl/ssl_lib.c b/src/lib/libssl/src/ssl/ssl_lib.c
index c91f0018e4..f052deeb97 100644
--- a/src/lib/libssl/src/ssl/ssl_lib.c
+++ b/src/lib/libssl/src/ssl/ssl_lib.c
@@ -597,8 +597,10 @@ void SSL_free(SSL *s)
                 OPENSSL_free(s->next_proto_negotiated);
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if (s->srtp_profiles)
             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
 
         OPENSSL_free(s);
         }
@@ -1792,7 +1794,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
         ret->extra_certs=NULL;
-        ret->comp_methods=SSL_COMP_get_compression_methods();
+        /* No compression for DTLS */
+        if (meth->version != DTLS1_VERSION)
+                ret->comp_methods=SSL_COMP_get_compression_methods();
 
         ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
@@ -1949,8 +1953,10 @@ void SSL_CTX_free(SSL_CTX *a)
         a->comp_methods = NULL;
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if (a->srtp_profiles)
                 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
 
 #ifndef OPENSSL_NO_PSK
         if (a->psk_identity_hint)
@@ -2284,7 +2290,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 #endif
 
 /* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(SSL *s)
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
         {
         unsigned long alg_k,alg_a;
         CERT *c;
@@ -2339,12 +2345,20 @@ X509 *ssl_get_server_send_cert(SSL *s)
                 i=SSL_PKEY_GOST01;
         else /* if (alg_a & SSL_aNULL) */
                 {
-                SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
+                SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
                 return(NULL);
                 }
-        if (c->pkeys[i].x509 == NULL) return(NULL);
 
-        return(c->pkeys[i].x509);
+        return c->pkeys + i;
+        }
+
+X509 *ssl_get_server_send_cert(const SSL *s)
+        {
+        CERT_PKEY *cpk;
+        cpk = ssl_get_server_send_pkey(s);
+        if (!cpk)
+                return NULL;
+        return cpk->x509;
         }
 
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
@@ -2605,7 +2619,7 @@ const char *SSL_get_version(const SSL *s)
                 return("TLSv1.2");
         else if (s->version == TLS1_1_VERSION)
                 return("TLSv1.1");
-        if (s->version == TLS1_VERSION)
+        else if (s->version == TLS1_VERSION)
                 return("TLSv1");
         else if (s->version == SSL3_VERSION)
                 return("SSLv3");
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index c3c4c21d38..e485907748 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -841,13 +841,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+X509 *ssl_get_server_send_cert(const SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
@@ -1099,7 +1101,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext_early(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
 #ifndef OPENSSL_NO_HEARTBEATS
diff --git a/src/lib/libssl/src/ssl/ssl_rsa.c b/src/lib/libssl/src/ssl/ssl_rsa.c
index c0960b5712..60e7b66859 100644
--- a/src/lib/libssl/src/ssl/ssl_rsa.c
+++ b/src/lib/libssl/src/ssl/ssl_rsa.c
@@ -710,7 +710,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 
         ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
 
-        in=BIO_new(BIO_s_file_internal());
+        in = BIO_new(BIO_s_file_internal());
         if (in == NULL)
                 {
                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
@@ -723,14 +723,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                 goto end;
                 }
 
-        x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+        x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
+                                ctx->default_passwd_callback_userdata);
         if (x == NULL)
                 {
                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
                 goto end;
                 }
 
-        ret=SSL_CTX_use_certificate(ctx,x);
+        ret = SSL_CTX_use_certificate(ctx, x);
+
         if (ERR_peek_error() != 0)
                 ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
         if (ret)
@@ -742,13 +744,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                 int r;
                 unsigned long err;
                 
-                if (ctx->extra_certs != NULL) 
+                if (ctx->extra_certs != NULL)
                         {
                         sk_X509_pop_free(ctx->extra_certs, X509_free);
                         ctx->extra_certs = NULL;
                         }
 
-                while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+                while ((ca = PEM_read_bio_X509(in, NULL,
+                                        ctx->default_passwd_callback,
+                                        ctx->default_passwd_callback_userdata))
                         != NULL)
                         {
                         r = SSL_CTX_add_extra_chain_cert(ctx, ca);
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index a0e2af6647..4f80be8ee4 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -150,8 +150,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
-#include <inttypes.h>
-#include <ctype.h>
 
 #define USE_SOCKETS
 #include "e_os.h"
@@ -545,8 +543,8 @@ int main(int argc, char *argv[])
         int comp = 0;
 #ifndef OPENSSL_NO_COMP
         COMP_METHOD *cm = NULL;
-#endif
         STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+#endif
         int test_cipherlist = 0;
 #ifdef OPENSSL_FIPS
         int fips_mode=0;
@@ -883,7 +881,13 @@ bad:
                 meth=SSLv23_method();
 #else
 #ifdef OPENSSL_NO_SSL2
-        meth=SSLv3_method();
+        if (tls1)
+                meth=TLSv1_method();
+        else
+        if (ssl3)
+                meth=SSLv3_method();
+        else
+                meth=SSLv23_method();
 #else
         meth=SSLv2_method();
 #endif
diff --git a/src/lib/libssl/src/ssl/t1_enc.c b/src/lib/libssl/src/ssl/t1_enc.c
index 638405ec39..0c4cddedf8 100644
--- a/src/lib/libssl/src/ssl/t1_enc.c
+++ b/src/lib/libssl/src/ssl/t1_enc.c
@@ -361,7 +361,7 @@ int tls1_change_cipher_state(SSL *s, int which)
         {
         int i;
         for (i=0; i<s->s3->tmp.key_block_length; i++)
-                printf("%02x", key_block[i]);  printf("\n");
+                printf("%02x", s->s3->tmp.key_block[i]);  printf("\n");
         }
 #endif  /* KSSL_DEBUG */
 
@@ -427,7 +427,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                         s->write_hash = mac_ctx;
                         }
                 else
-                       mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+                        mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
 #ifndef OPENSSL_NO_COMP
                 if (s->compress != NULL)
                         {
@@ -929,8 +929,8 @@ int tls1_final_finish_mac(SSL *s,
                         else
                                 {
                                 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-                                    !EVP_DigestFinal_ex(&ctx,q,&i) ||
-                                    (i != (unsigned int)hashsize))
+                                        !EVP_DigestFinal_ex(&ctx,q,&i) ||
+                                        (i != (unsigned int)hashsize))
                                         err = 1;
                                 q+=hashsize;
                                 }
@@ -986,7 +986,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                 }
                 else
                 {
-                        EVP_MD_CTX_copy(&hmac,hash);
+                        if (!EVP_MD_CTX_copy(&hmac,hash))
+                                return -1;
                         mac_ctx = &hmac;
                 }
 
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index a649dafba9..bddffd92cc 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
         tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-        tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
         {
         size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
-        /* If FIPS mode don't include MD5 which is last */
-        if (FIPS_mode())
-                slen -= 2;
-#endif
         if (p)
                 memcpy(p, tls12_sigalgs, slen);
         return (int)slen;
@@ -649,6 +641,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 }
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if(SSL_get_srtp_profiles(s))
                 {
                 int el;
@@ -667,6 +660,37 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                         }
                 ret += el;
                 }
+#endif
+
+#ifdef TLSEXT_TYPE_padding
+        /* Add padding to workaround bugs in F5 terminators.
+         * See https://tools.ietf.org/html/draft-agl-tls-padding-03
+         *
+         * NB: because this code works out the length of all existing
+         * extensions it MUST always appear last.
+         */
+        {
+        int hlen = ret - (unsigned char *)s->init_buf->data;
+        /* The code in s23_clnt.c to build ClientHello messages includes the
+         * 5-byte record header in the buffer, while the code in s3_clnt.c does
+         * not. */
+        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+                hlen -= 5;
+        if (hlen > 0xff && hlen < 0x200)
+                {
+                hlen = 0x200 - hlen;
+                if (hlen >= 4)
+                        hlen -= 4;
+                else
+                        hlen = 0;
+
+                s2n(TLSEXT_TYPE_padding, ret);
+                s2n(hlen, ret);
+                memset(ret, 0, hlen);
+                ret += hlen;
+                }
+        }
+#endif
 
         if ((extdatalen = ret-p-2)== 0) 
                 return p;
@@ -781,6 +805,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 }
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if(s->srtp_profile)
                 {
                 int el;
@@ -799,6 +824,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                         }
                 ret+=el;
                 }
+#endif
 
         if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
                 && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@@ -862,6 +888,89 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
         return ret;
         }
 
+#ifndef OPENSSL_NO_EC
+/* ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |d|, of length |n|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
+        unsigned short type, size;
+        static const unsigned char kSafariExtensionsBlock[] = {
+                0x00, 0x0a,  /* elliptic_curves extension */
+                0x00, 0x08,  /* 8 bytes */
+                0x00, 0x06,  /* 6 bytes of curve ids */
+                0x00, 0x17,  /* P-256 */
+                0x00, 0x18,  /* P-384 */
+                0x00, 0x19,  /* P-521 */
+
+                0x00, 0x0b,  /* ec_point_formats */
+                0x00, 0x02,  /* 2 bytes */
+                0x01,        /* 1 point format */
+                0x00,        /* uncompressed */
+        };
+
+        /* The following is only present in TLS 1.2 */
+        static const unsigned char kSafariTLS12ExtensionsBlock[] = {
+                0x00, 0x0d,  /* signature_algorithms */
+                0x00, 0x0c,  /* 12 bytes */
+                0x00, 0x0a,  /* 10 bytes */
+                0x05, 0x01,  /* SHA-384/RSA */
+                0x04, 0x01,  /* SHA-256/RSA */
+                0x02, 0x01,  /* SHA-1/RSA */
+                0x04, 0x03,  /* SHA-256/ECDSA */
+                0x02, 0x03,  /* SHA-1/ECDSA */
+        };
+
+        if (data >= (d+n-2))
+                return;
+        data += 2;
+
+        if (data > (d+n-4))
+                return;
+        n2s(data,type);
+        n2s(data,size);
+
+        if (type != TLSEXT_TYPE_server_name)
+                return;
+
+        if (data+size > d+n)
+                return;
+        data += size;
+
+        if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+                {
+                const size_t len1 = sizeof(kSafariExtensionsBlock);
+                const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+
+                if (data + len1 + len2 != d+n)
+                        return;
+                if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+                        return;
+                if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
+                        return;
+                }
+        else
+                {
+                const size_t len = sizeof(kSafariExtensionsBlock);
+
+                if (data + len != d+n)
+                        return;
+                if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+                        return;
+                }
+
+        s->s3->is_probably_safari = 1;
+}
+#endif /* !OPENSSL_NO_EC */
+
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
         {
         unsigned short type;
@@ -882,6 +991,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
 #endif
 
+#ifndef OPENSSL_NO_EC
+        if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+                ssl_check_for_safari(s, data, d, n);
+#endif /* !OPENSSL_NO_EC */
+
         if (data >= (d+n-2))
                 goto ri_check;
         n2s(data,len);
@@ -1077,7 +1191,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         int ellipticcurvelist_length = (*(sdata++) << 8);
                         ellipticcurvelist_length += (*(sdata++));
 
-                        if (ellipticcurvelist_length != size - 2)
+                        if (ellipticcurvelist_length != size - 2 ||
+                                ellipticcurvelist_length < 1)
                                 {
                                 *al = TLS1_AD_DECODE_ERROR;
                                 return 0;
@@ -1176,7 +1291,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                 }
                         }
                 else if (type == TLSEXT_TYPE_status_request &&
-                         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+                         s->version != DTLS1_VERSION)
                         {
                 
                         if (size < 5) 
@@ -1328,12 +1443,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 #endif
 
                 /* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
                 else if (type == TLSEXT_TYPE_use_srtp)
-                        {
+                        {
                         if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
                                                               al))
                                 return 0;
-                        }
+                        }
+#endif
 
                 data+=size;
                 }
@@ -1433,7 +1550,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         unsigned char *sdata = data;
                         int ecpointformatlist_length = *(sdata++);
 
-                        if (ecpointformatlist_length != size - 1)
+                        if (ecpointformatlist_length != size - 1 || 
+                                ecpointformatlist_length < 1)
                                 {
                                 *al = TLS1_AD_DECODE_ERROR;
                                 return 0;
@@ -1527,7 +1645,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         unsigned char selected_len;
 
                         /* We must have requested it. */
-                        if ((s->ctx->next_proto_select_cb == NULL))
+                        if (s->ctx->next_proto_select_cb == NULL)
                                 {
                                 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
                                 return 0;
@@ -1577,12 +1695,14 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                 }
                         }
 #endif
+#ifndef OPENSSL_NO_SRTP
                 else if (type == TLSEXT_TYPE_use_srtp)
-                        {
+                        {
                         if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
                                                               al))
                                 return 0;
-                        }
+                        }
+#endif
 
                 data+=size;             
                 }
@@ -1763,7 +1883,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
         return 1;
         }
 
-int ssl_check_clienthello_tlsext(SSL *s)
+int ssl_check_clienthello_tlsext_early(SSL *s)
         {
         int ret=SSL_TLSEXT_ERR_NOACK;
         int al = SSL_AD_UNRECOGNIZED_NAME;
@@ -1782,42 +1902,12 @@ int ssl_check_clienthello_tlsext(SSL *s)
         else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
                 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-        /* If status request then ask callback what to do.
-         * Note: this must be called after servername callbacks in case 
-         * the certificate has changed.
-         */
-        if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
-                {
-                int r;
-                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-                switch (r)
-                        {
-                        /* We don't want to send a status request response */
-                        case SSL_TLSEXT_ERR_NOACK:
-                                s->tlsext_status_expected = 0;
-                                break;
-                        /* status request response should be sent */
-                        case SSL_TLSEXT_ERR_OK:
-                                if (s->tlsext_ocsp_resp)
-                                        s->tlsext_status_expected = 1;
-                                else
-                                        s->tlsext_status_expected = 0;
-                                break;
-                        /* something bad happened */
-                        case SSL_TLSEXT_ERR_ALERT_FATAL:
-                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                                al = SSL_AD_INTERNAL_ERROR;
-                                goto err;
-                        }
-                }
-        else
-                s->tlsext_status_expected = 0;
-
 #ifdef TLSEXT_TYPE_opaque_prf_input
         {
                 /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
                  * but we might be sending an alert in response to the client hello,
-                 * so this has to happen here in ssl_check_clienthello_tlsext(). */
+                 * so this has to happen here in
+                 * ssl_check_clienthello_tlsext_early(). */
 
                 int r = 1;
         
@@ -1869,8 +1959,8 @@ int ssl_check_clienthello_tlsext(SSL *s)
                         }
         }
 
-#endif
  err:
+#endif
         switch (ret)
                 {
                 case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -1888,6 +1978,71 @@ int ssl_check_clienthello_tlsext(SSL *s)
                 }
         }
 
+int ssl_check_clienthello_tlsext_late(SSL *s)
+        {
+        int ret = SSL_TLSEXT_ERR_OK;
+        int al;
+
+        /* If status request then ask callback what to do.
+         * Note: this must be called after servername callbacks in case 
+         * the certificate has changed, and must be called after the cipher
+         * has been chosen because this may influence which certificate is sent
+         */
+        if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
+                {
+                int r;
+                CERT_PKEY *certpkey;
+                certpkey = ssl_get_server_send_pkey(s);
+                /* If no certificate can't return certificate status */
+                if (certpkey == NULL)
+                        {
+                        s->tlsext_status_expected = 0;
+                        return 1;
+                        }
+                /* Set current certificate to one we will use so
+                 * SSL_get_certificate et al can pick it up.
+                 */
+                s->cert->key = certpkey;
+                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+                switch (r)
+                        {
+                        /* We don't want to send a status request response */
+                        case SSL_TLSEXT_ERR_NOACK:
+                                s->tlsext_status_expected = 0;
+                                break;
+                        /* status request response should be sent */
+                        case SSL_TLSEXT_ERR_OK:
+                                if (s->tlsext_ocsp_resp)
+                                        s->tlsext_status_expected = 1;
+                                else
+                                        s->tlsext_status_expected = 0;
+                                break;
+                        /* something bad happened */
+                        case SSL_TLSEXT_ERR_ALERT_FATAL:
+                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                al = SSL_AD_INTERNAL_ERROR;
+                                goto err;
+                        }
+                }
+        else
+                s->tlsext_status_expected = 0;
+
+ err:
+        switch (ret)
+                {
+                case SSL_TLSEXT_ERR_ALERT_FATAL:
+                        ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+                        return -1;
+
+                case SSL_TLSEXT_ERR_ALERT_WARNING:
+                        ssl3_send_alert(s,SSL3_AL_WARNING,al);
+                        return 1; 
+
+                default:
+                        return 1;
+                }
+        }
+
 int ssl_check_serverhello_tlsext(SSL *s)
         {
         int ret=SSL_TLSEXT_ERR_NOACK;
@@ -2189,7 +2344,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
         HMAC_Update(&hctx, etick, eticklen);
         HMAC_Final(&hctx, tick_hmac, NULL);
         HMAC_CTX_cleanup(&hctx);
-        if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen))
+        if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
                 return 2;
         /* Attempt to decrypt session data */
         /* Move p after IV to start of encrypted ticket, update length */
@@ -2319,14 +2474,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
         {
         switch(hash_alg)
                 {
-#ifndef OPENSSL_NO_MD5
-                case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return NULL;
-#endif
-                return EVP_md5();
-#endif
 #ifndef OPENSSL_NO_SHA
                 case TLSEXT_hash_sha1:
                 return EVP_sha1();
@@ -2414,7 +2561,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
          */
 #ifndef OPENSSL_NO_DSA
         if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
-                c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+                c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
         if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
@@ -2425,7 +2572,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 #endif
 #ifndef OPENSSL_NO_ECDSA
         if (!c->pkeys[SSL_PKEY_ECC].digest)
-                c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+                c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
         return 1;
         }
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index c39c267f0b..c992091e30 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat   15
 
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding     21
+
 /* ExtensionType value from RFC4507 */
 #define TLSEXT_TYPE_session_ticket              35
 
diff --git a/src/lib/libssl/src/test/Makefile b/src/lib/libssl/src/test/Makefile
index 09e6848764..4c9eabcc21 100644
--- a/src/lib/libssl/src/test/Makefile
+++ b/src/lib/libssl/src/test/Makefile
@@ -246,7 +246,7 @@ test_ecdh:
 test_verify:
         @echo "The following command should have some OK's and some failures"
         @echo "There are definitly a few expired certificates"
-        ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
+        ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
 
 test_dh:
         @echo "Generate a set of DH parameters"
diff --git a/src/lib/libssl/src/test/bctest.com b/src/lib/libssl/src/test/bctest.com
deleted file mode 100644
index d7e5ec139e..0000000000
--- a/src/lib/libssl/src/test/bctest.com
+++ /dev/null
@@ -1,152 +0,0 @@
-$!
-$! Check operation of "bc".
-$!
-$! 2010-04-05 SMS.  New.  Based (loosely) on "bctest".
-$!
-$!
-$ tmp_file_name = "tmp.bctest"
-$ failure = ""
-$!
-$! Basic command test.
-$!
-$ on warning then goto bc_fail
-$ bc
-$ on error then exit
-$!
-$! Test for SunOS 5.[78] bc bug.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$     define /user_mode sys$output 'tmp_file_name'
-$     bc
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-$     status = $status
-$     output_expected = "0"
-$     gosub check_output
-$     if (output .ne. 1)
-$     then
-$         failure = "SunOStest"
-$     else
-$         delete 'f$parse( tmp_file_name)'
-$     endif
-$ endif
-$!
-$! Test for SCO bc bug.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$     define /user_mode sys$output 'tmp_file_name'
-$     bc
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-$     status = $status
-$     output_expected = "0\0"
-$     gosub check_output
-$     if (output .ne. 1)
-$     then
-$         failure = "SCOtest"
-$     else
-$         delete 'f$parse( tmp_file_name)'
-$     endif
-$ endif
-$!
-$! Test for working 'print' command.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$     define /user_mode sys$output 'tmp_file_name'
-$     bc
-print "OK"
-$     status = $status
-$     output_expected = "OK"
-$     gosub check_output
-$     if (output .ne. 1)
-$     then
-$         failure = "printtest"
-$     else
-$         delete 'f$parse( tmp_file_name)'
-$     endif
-$ endif
-$!
-$ if (failure .nes. "")
-$ then
-$     write sys$output -
-       "No working bc found.  Consider installing GNU bc."
-$     exit %X00030000 ! %DCL-W-NORMAL
-$ endif
-$!
-$ exit
-$!
-$!
-$! Complete "bc" command failure.
-$!
-$ bc_fail:
-$ write sys$output -
-   "No ""bc"" program/symbol found.  Consider installing GNU bc."
-$ exit %X00030000 ! %DCL-W-NORMAL
-$!
-$!
-$! Output check subroutine.
-$!
-$ check_output:
-$     eof = 0
-$     line_nr = 0
-$     open /read tmp_file 'tmp_file_name'
-$     c_o_loop:
-$         read /error = error_read tmp_file line
-$         goto ok_read
-$         error_read:
-$         eof = 1
-$         ok_read:
-$         line_expected = f$element( line_nr, "\", output_expected)
-$         line_nr = line_nr+ 1
-$     if ((line_expected .nes. "\") .and. (.not. eof) .and. -
-       (line_expected .eqs. line)) then goto c_o_loop
-$!
-$     if ((line_expected .eqs. "\") .and. eof)
-$     then
-$         output = 1
-$     else
-$         output = 0
-$     endif
-$     close tmp_file
-$ return
-$!
diff --git a/src/lib/libssl/src/test/bntest.com b/src/lib/libssl/src/test/bntest.com
deleted file mode 100644
index 6545d2e5a5..0000000000
--- a/src/lib/libssl/src/test/bntest.com
+++ /dev/null
@@ -1,76 +0,0 @@
-$!
-$! Analyze bntest output file.
-$!
-$! Exit status = 1 (success) if all tests passed,
-$!               0 (warning) if any test failed.
-$!
-$! 2011-02-20 SMS.  Added code to skip "#" comments in the input file.
-$!
-$! 2010-04-05 SMS.  New.  Based (loosely) on perl code in bntest-vms.sh.
-$!
-$!                  Expect data like:
-$!                        test test_name1
-$!                        0
-$!                        [...]
-$!                        test test_name2
-$!                        0
-$!                        [...]
-$!                        [...]
-$!
-$!                  Some tests have no following "0" lines.
-$!
-$ result_file_name = f$edit( p1, "TRIM")
-$ if (result_file_name .eqs. "")
-$ then
-$     result_file_name = "bntest-vms.out"
-$ endif
-$!
-$ fail = 0
-$ passed = 0
-$ tests = 0
-$!
-$ on control_c then goto tidy
-$ on error then goto tidy
-$!
-$ open /read result_file 'result_file_name'
-$!
-$ read_loop:
-$     read /end = read_loop_end /error = tidy result_file line
-$     t1 = f$element( 0, " ", line)
-$!
-$!    Skip "#" comment lines.
-$     if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then -
-       goto read_loop
-$!
-$     if (t1 .eqs. "test")
-$     then
-$         passed = passed+ 1
-$         tests = tests+ 1
-$         fail = 1
-$         t2 = f$extract( 5, 1000, line)
-$         write sys$output "verify ''t2'"
-$     else
-$         if (t1 .nes. "0")
-$         then
-$             write sys$output "Failed! bc: ''line'"
-$             passed = passed- fail
-$             fail = 0
-$         endif
-$     endif
-$ goto read_loop
-$ read_loop_end:
-$ write sys$output "''passed'/''tests' tests passed"
-$!
-$ tidy:
-$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE")
-$ then
-$     close result_file
-$ endif
-$!
-$ if ((tests .gt. 0) .and. (tests .eq. passed))
-$ then
-$    exit 1
-$ else
-$    exit 0
-$ endif
-$!
diff --git a/src/lib/libssl/src/test/clean_test.com b/src/lib/libssl/src/test/clean_test.com
deleted file mode 100755
index 7df633fbef..0000000000
--- a/src/lib/libssl/src/test/clean_test.com
+++ /dev/null
@@ -1,35 +0,0 @@
-$!
-$! Delete various test results files.
-$!
-$ def_orig = f$environment( "default")
-$ proc = f$environment( "procedure")
-$ proc_dev_dir = f$parse( "A.;", proc) - "A.;"
-$!
-$ on control_c then goto tidy
-$ on error then goto tidy
-$!
-$ set default 'proc_dev_dir'
-$!
-$ files := *.cms;*, *.srl;*, *.ss;*, -
-   cms.err;*, cms.out;*, newreq.pem;*, -
-   p.txt-zlib-cipher;*, -
-   smtst.txt;*, testkey.pem;*, testreq.pem;*, -
-   test_*.err;*, test_*.out;*, -
-   .rnd;*
-$!
-$ delim = ","
-$ i = 0
-$ loop:
-$    file = f$edit( f$element( i, delim, files), "trim")
-$    if (file .eqs. delim) then goto loop_end
-$    if (f$search( file) .nes. "") then -
-      delete 'p1' 'file'
-$    i = i+ 1
-$ goto loop
-$ loop_end:
-$!
-$ tidy:
-$ 
-$ if (f$type( def_orig) .nes. "") then -
-   set default 'def_orig'
-$!
diff --git a/src/lib/libssl/src/test/maketests.com b/src/lib/libssl/src/test/maketests.com
deleted file mode 100644
index 9b64cba234..0000000000
--- a/src/lib/libssl/src/test/maketests.com
+++ /dev/null
@@ -1,1087 +0,0 @@
-$!
-$!  MAKETESTS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!
-$!  This command files compiles and creates all the various different
-$!  "test" programs for the different types of encryption for OpenSSL.
-$!  It was written so it would try to determine what "C" compiler to
-$!  use or you can specify which "C" compiler to use.
-$!
-$!  The test "executables" will be placed in a directory called
-$!  [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending
-$!  on your machine architecture.
-$!
-$!  Specify DEBUG or NODEBUG P1 to compile with or without debugger
-$!  information.
-$!
-$!  Specify which compiler at P2 to try to compile under.
-$!
-$!         VAXC  For VAX C.
-$!         DECC  For DEC C.
-$!         GNUC  For GNU C.
-$!
-$!  If you don't specify a compiler, it will try to determine which
-$!  "C" compiler to use.
-$!
-$!  P3, if defined, sets a TCP/IP library to use, through one of the following
-$!  keywords:
-$!
-$!      UCX             for UCX
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
-$!
-$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!
-$!  P5, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE)
-$!      32       Compile with /POINTER_SIZE=32 (SHORT)
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P6, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$    ARCH = "VAX"
-$ else
-$    ARCH = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$    if (ARCH .eqs. "") then ARCH = "UNK"
-$ endif
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Define The OBJ and EXE Directories.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.TEST]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.TEST]
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
-$!
-$! Define The CRYPTO-LIB We Are To Use.
-$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Define The SSL We Are To Use.
-$!
-$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB
-$!
-$! Create the OBJ and EXE Directories, if needed.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."") THEN -
-   CREATE /DIRECTORY 'OBJ_DIR'
-$ IF (F$PARSE(EXE_DIR).EQS."") THEN -
-   CREATE /DIRECTORY 'EXE_DIR'
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Define The TEST Files.
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the EXE variable in Makefile as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$!
-$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
-               "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
-               "RC2TEST,RC4TEST,RC5TEST,"+ -
-               "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
-               "MDC2TEST,RMDTEST,"+ -
-               "RANDTEST,DHTEST,ENGINETEST,"+ -
-               "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-               "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
-               "ASN1TEST"
-$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
-$!
-$! Additional directory information.
-$ T_D_BNTEST     := [-.crypto.bn]
-$ T_D_ECTEST     := [-.crypto.ec]
-$ T_D_ECDSATEST  := [-.crypto.ecdsa]
-$ T_D_ECDHTEST   := [-.crypto.ecdh]
-$ T_D_IDEATEST   := [-.crypto.idea]
-$ T_D_MD2TEST    := [-.crypto.md2]
-$ T_D_MD4TEST    := [-.crypto.md4]
-$ T_D_MD5TEST    := [-.crypto.md5]
-$ T_D_HMACTEST   := [-.crypto.hmac]
-$ T_D_WP_TEST    := [-.crypto.whrlpool]
-$ T_D_RC2TEST    := [-.crypto.rc2]
-$ T_D_RC4TEST    := [-.crypto.rc4]
-$ T_D_RC5TEST    := [-.crypto.rc5]
-$ T_D_DESTEST    := [-.crypto.des]
-$ T_D_SHATEST    := [-.crypto.sha]
-$ T_D_SHA1TEST   := [-.crypto.sha]
-$ T_D_SHA256T    := [-.crypto.sha]
-$ T_D_SHA512T    := [-.crypto.sha]
-$ T_D_MDC2TEST   := [-.crypto.mdc2]
-$ T_D_RMDTEST    := [-.crypto.ripemd]
-$ T_D_RANDTEST   := [-.crypto.rand]
-$ T_D_DHTEST     := [-.crypto.dh]
-$ T_D_ENGINETEST := [-.crypto.engine]
-$ T_D_BFTEST     := [-.crypto.bf]
-$ T_D_CASTTEST   := [-.crypto.cast]
-$ T_D_SSLTEST    := [-.ssl]
-$ T_D_EXPTEST    := [-.crypto.bn]
-$ T_D_DSATEST    := [-.crypto.dsa]
-$ T_D_RSA_TEST   := [-.crypto.rsa]
-$ T_D_EVP_TEST   := [-.crypto.evp]
-$ T_D_IGETEST    := [-.test]
-$ T_D_JPAKETEST  := [-.crypto.jpake]
-$ T_D_SRPTEST    := [-.crypto.srp]
-$ T_D_ASN1TEST   := [-.test]
-$!
-$ TCPIP_PROGRAMS = ",,"
-$ IF COMPILER .EQS. "VAXC" THEN -
-     TCPIP_PROGRAMS = ",SSLTEST,"
-$!
-$! Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",TEST_FILES)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
-$!
-$! Create The Executable File Name.
-$!
-$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   GOTO EXIT
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Test Program."
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check If What We Are About To Compile Works Without A TCP/IP Library.
-$!
-$ IF ((TCPIP_LIB.EQS."").AND.((TCPIP_PROGRAMS-FILE_NAME).NES.TCPIP_PROGRAMS))
-$ THEN
-$!
-$!  Inform The User That A TCP/IP Library Is Needed To Compile This Program.
-$!
-$   WRITE SYS$OUTPUT -
-          FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
-$   GOTO NEXT_FILE
-$!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
-$!
-$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
-$!
-$!  Don't Link With The RSAREF Routines And TCP/IP Library.
-$!
-$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -
-   'OBJECT_FILE', -
-   'SSL_LIB' /LIBRARY, -
-   'CRYPTO_LIB' /LIBRARY -
-   'TCPIP_LIB' -
-   'ZLIB_LIB' -
-   ,'OPT_FILE' /OPTIONS
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! All Done, Time To Exit.
-$!
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE /SHAREABLE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB.OLB /LIBRARY
-SYS$SHARE:VAXCRTL.EXE /SHAREABLE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$     IF (ARCH.EQS."VAX")
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE /SHAREABLE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE
-SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check To See If We Have The Appropiate Libraries.
-$!
-$ LIB_CHECK:
-$!
-$! Look For The Library LIBCRYPTO.OLB.
-$!
-$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The Crypto Library Check.
-$!
-$ ENDIF
-$!
-$! Look For The Library LIBSSL.OLB.
-$!
-$ IF (F$SEARCH(SSL_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBSSL.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
-$   WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The SSL Library Check.
-$!
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."NODEBUG")
-$ THEN
-$!
-$!  P1 Is NODEBUG, So Compile Without Debugger Information.
-$!
-$   DEBUGGER  = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P1.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER  = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check P5 (POINTER_SIZE).
-$!
-$ IF (P5 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P5 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P5, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=")
-$       THEN
-$!        Explicit user choice: "64" or "64=ARGV".
-$         IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64"
-$       ELSE
-$         SET NOON
-$         DEFINE /USER_MODE SYS$OUTPUT NL:
-$         DEFINE /USER_MODE SYS$ERROR NL:
-$         CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL:
-$         IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000
-$         THEN
-$           ! If we got here, it means DCL complained like this:
-$           ! %DCL-W-NOVALU, value not allowed - remove value specification
-$           !  \64=\
-$           !
-$           ! If the compiler was run, logicals defined in /USER would
-$           ! have been deassigned automatically.  However, when DCL
-$           ! complains, they aren't, so we do it here (it might be
-$           ! unnecessary, but just in case there will be another error
-$           ! message further on that we don't want to miss)
-$           DEASSIGN /USER_MODE SYS$ERROR
-$           DEASSIGN /USER_MODE SYS$OUTPUT
-$         ELSE
-$           POINTER_SIZE = POINTER_SIZE + "=ARGV"
-$         ENDIF
-$         SET ON
-$       ENDIF
-$       POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'"
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P5, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"  :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32  :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P5 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P2 = "GNUC"
-$!
-$!  End The GNU C Compiler Check.
-$!
-$   ELSE
-$!
-$!  Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P2 = "DECC"
-$!
-$!      Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P2 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P3.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     P3 = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       P3 = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''P3'"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P6
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     GOTO EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The P8 Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If The User Wanted DECC.
-$!
-$   IF (P2.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC /DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P2.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC"
-$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$     CCDEFS = CCDEFS + ",""VAXC"""
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P2.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$   ENDIF
-$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$ ENDIF
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
-     .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P3.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P3.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P3 = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P3.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P3.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P3.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with NONE
-$!
-$   ENDIF
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "TEST]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL /NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the logical name OPENSSL if it had a value
-$!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
-$!
-$! Done
-$!
-$ RETURN
diff --git a/src/lib/libssl/src/test/tcrl.com b/src/lib/libssl/src/test/tcrl.com
deleted file mode 100644
index dd96a2b6dd..0000000000
--- a/src/lib/libssl/src/test/tcrl.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TCRL.COM  --  Tests crl keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl crl"
-$
-$       t = "testcrl.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing CRL conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/src/test/testca.com b/src/lib/libssl/src/test/testca.com
deleted file mode 100644
index 78cda9ec5a..0000000000
--- a/src/lib/libssl/src/test/testca.com
+++ /dev/null
@@ -1,52 +0,0 @@
-$! TESTCA.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$
-$       openssl = "mcr ''exe_dir'openssl"
-$
-$       SSLEAY_CONFIG="-config ""CAss.cnf"""
-$
-$       set noon
-$       if f$search("demoCA.dir") .nes. ""
-$       then
-$           @[-.util]deltree [.demoCA]*.*
-$           set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
-$           delete demoCA.dir;*
-$       endif
-$       set on
-$       open/read sys$ca_input VMSca-response.1
-$       @[-.apps]CA.com -input sys$ca_input -newca
-$       close sys$ca_input
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       SSLEAY_CONFIG="-config ""Uss.cnf"""
-$       @[-.apps]CA.com -newreq
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
-$       open/read sys$ca_input VMSca-response.2
-$       @[-.apps]CA.com -input sys$ca_input -sign
-$       close sys$ca_input
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       @[-.apps]CA.com -verify newcert.pem
-$       if $severity .ne. 1 then exit 3
-$
-$       set noon
-$       @[-.util]deltree [.demoCA]*.*
-$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
-$       delete demoCA.dir;*
-$       if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
-$       if f$search("newcert.pem") .nes. "" then delete newreq.pem;*
-$       set on
-$!      #usage: CA -newcert|-newreq|-newca|-sign|-verify
-$
-$       exit
diff --git a/src/lib/libssl/src/test/testenc.com b/src/lib/libssl/src/test/testenc.com
deleted file mode 100644
index 75acd6f07f..0000000000
--- a/src/lib/libssl/src/test/testenc.com
+++ /dev/null
@@ -1,66 +0,0 @@
-$! TESTENC.COM  --  Test encoding and decoding
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. 64) then __arch = __arch+ "_64"
-$
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$       testsrc = "makefile."
-$       test = "p.txt"
-$       cmd = "mcr ''exe_dir'openssl"
-$
-$       if f$search(test) .nes. "" then delete 'test';*
-$       convert/fdl=sys$input: 'testsrc' 'test'
-RECORD
-        FORMAT STREAM_LF
-$
-$       if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
-$       if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
-$
-$       write sys$output "cat"
-$       'cmd' enc -in 'test' -out 'test'-cipher
-$       'cmd' enc -in 'test'-cipher -out 'test'-clear
-$       backup/compare 'test' 'test'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-cipher;*,'test'-clear;*
-$
-$       write sys$output "base64"
-$       'cmd' enc -a -e -in 'test' -out 'test'-cipher
-$       'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
-$       backup/compare 'test' 'test'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-cipher;*,'test'-clear;*
-$
-$       define/user sys$output 'test'-cipher-commands
-$       'cmd' list-cipher-commands
-$       open/read f 'test'-cipher-commands
-$ loop_cipher_commands:
-$       read/end=loop_cipher_commands_end f i
-$       write sys$output i
-$
-$       if f$search(test+"-"+i+"-cipher") .nes. "" then -
-                delete 'test'-'i'-cipher;*
-$       if f$search(test+"-"+i+"-clear") .nes. "" then -
-                delete 'test'-'i'-clear;*
-$
-$       'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
-$       'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
-$       backup/compare 'test' 'test'-'i'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
-$
-$       write sys$output i," base64"
-$       'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
-$       'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
-$       backup/compare 'test' 'test'-'i'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
-$
-$       goto loop_cipher_commands
-$ loop_cipher_commands_end:
-$       close f
-$       delete 'test'-cipher-commands;*
-$       delete 'test';*
diff --git a/src/lib/libssl/src/test/testgen.com b/src/lib/libssl/src/test/testgen.com
deleted file mode 100644
index e076da2f30..0000000000
--- a/src/lib/libssl/src/test/testgen.com
+++ /dev/null
@@ -1,58 +0,0 @@
-$! TESTGEN.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$       if (p1 .eqs. 64) then __arch = __arch+ "_64"
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       T = "testcert"
-$       KEY = 512
-$       CA = "[-.certs]testca.pem"
-$
-$       set noon
-$       if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
-$       if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
-$       if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
-$       set on
-$
-$       write sys$output "generating certificate request"
-$
-$       append/new nl: .rnd
-$       open/append random_file .rnd
-$       write random_file -
-         "string to make the random number generator think it has entropy"
-$       close random_file
-$
-$       set noon
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           req_new="-newkey dsa:[-.apps]dsa512.pem"
-$       else
-$           req_new="-new"
-$           write sys$output -
-             "There should be a 2 sequences of .'s and some +'s."
-$           write sys$output -
-             "There should not be more that at most 80 per line"
-$       endif
-$
-$       write sys$output "This could take some time."
-$
-$       mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
-$       if $severity .ne. 1
-$       then
-$           write sys$output "problems creating request"
-$           exit 3
-$       endif
-$
-$       mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
-$       if $severity .ne. 1
-$       then
-$           write sys$output "signature on req is wrong"
-$           exit 3
-$       endif
diff --git a/src/lib/libssl/src/test/tests.com b/src/lib/libssl/src/test/tests.com
deleted file mode 100644
index a840d5078f..0000000000
--- a/src/lib/libssl/src/test/tests.com
+++ /dev/null
@@ -1,375 +0,0 @@
-$! TESTS.COM  --  Performs the necessary tests
-$!
-$! P1   tests to be performed.  Empty means all.
-$! P2   Pointer size: "", "32", or "64".
-$!
-$! Announce/identify.
-$!
-$       proc = f$environment( "procedure")
-$       write sys$output "@@@ "+ -
-         f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$       __proc = f$element(0,";",f$environment("procedure"))
-$       __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
-$       __save_default = f$environment("default")
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       __archd = __arch
-$       pointer_size = ""
-$       if (p2 .eq. "64")
-$       then
-$         pointer_size = "64"
-$         __archd = __arch+ "_64"
-$       endif
-$!
-$       texe_dir := sys$disk:[-.'__archd'.exe.test]
-$       exe_dir := sys$disk:[-.'__archd'.exe.apps]
-$
-$       set default '__here'
-$
-$       ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - ".][000000" - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$       DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC
-$       openssl_conf := sslroot:[000000]openssl-vms.cnf
-$
-$       on control_y then goto exit
-$       on error then goto exit
-$
-$       if p1 .nes. ""
-$       then
-$           tests = p1
-$       else
-$! NOTE: This list reflects the list of dependencies following the
-$! "alltests" target in Makefile.  This should make it easy to see
-$! if there's a difference that needs to be taken care of.
-$           tests := -
-        test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
-        test_md2,test_mdc2,test_wp,-
-        test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
-        test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
-        test_enc,test_x509,test_rsa,test_crl,test_sid,-
-        test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
-        test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
-        test_jpake,test_srp,test_cms
-$       endif
-$       tests = f$edit(tests,"COLLAPSE")
-$
-$       BNTEST :=       bntest
-$       ECTEST :=       ectest
-$       ECDSATEST :=    ecdsatest
-$       ECDHTEST :=     ecdhtest
-$       EXPTEST :=      exptest
-$       IDEATEST :=     ideatest
-$       SHATEST :=      shatest
-$       SHA1TEST :=     sha1test
-$       SHA256TEST :=   sha256t
-$       SHA512TEST :=   sha512t
-$       MDC2TEST :=     mdc2test
-$       RMDTEST :=      rmdtest
-$       MD2TEST :=      md2test
-$       MD4TEST :=      md4test
-$       MD5TEST :=      md5test
-$       HMACTEST :=     hmactest
-$       WPTEST :=       wp_test
-$       RC2TEST :=      rc2test
-$       RC4TEST :=      rc4test
-$       RC5TEST :=      rc5test
-$       BFTEST :=       bftest
-$       CASTTEST :=     casttest
-$       DESTEST :=      destest
-$       RANDTEST :=     randtest
-$       DHTEST :=       dhtest
-$       DSATEST :=      dsatest
-$       METHTEST :=     methtest
-$       SSLTEST :=      ssltest
-$       RSATEST :=      rsa_test
-$       ENGINETEST :=   enginetest
-$       EVPTEST :=      evp_test
-$       IGETEST :=      igetest
-$       JPAKETEST :=    jpaketest
-$       SRPTEST :=      srptest
-$       ASN1TEST :=     asn1test
-$!
-$       tests_i = 0
-$ loop_tests:
-$       tests_e = f$element(tests_i,",",tests)
-$       tests_i = tests_i + 1
-$       if tests_e .eqs. "," then goto exit
-$       write sys$output "---> ''tests_e'"
-$       gosub 'tests_e'
-$       goto loop_tests
-$
-$ test_evp:
-$       mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
-$       return
-$ test_des:
-$       mcr 'texe_dir''destest'
-$       return
-$ test_idea:
-$       mcr 'texe_dir''ideatest'
-$       return
-$ test_sha:
-$       mcr 'texe_dir''shatest'
-$       mcr 'texe_dir''sha1test'
-$       mcr 'texe_dir''sha256test'
-$       mcr 'texe_dir''sha512test'
-$       return
-$ test_mdc2:
-$       mcr 'texe_dir''mdc2test'
-$       return
-$ test_md5:
-$       mcr 'texe_dir''md5test'
-$       return
-$ test_md4:
-$       mcr 'texe_dir''md4test'
-$       return
-$ test_hmac:
-$       mcr 'texe_dir''hmactest'
-$       return
-$ test_wp:
-$       mcr 'texe_dir''wptest'
-$       return
-$ test_md2:
-$       mcr 'texe_dir''md2test'
-$       return
-$ test_rmd:
-$       mcr 'texe_dir''rmdtest'
-$       return
-$ test_bf:
-$       mcr 'texe_dir''bftest'
-$       return
-$ test_cast:
-$       mcr 'texe_dir''casttest'
-$       return
-$ test_rc2:
-$       mcr 'texe_dir''rc2test'
-$       return
-$ test_rc4:
-$       mcr 'texe_dir''rc4test'
-$       return
-$ test_rc5:
-$       mcr 'texe_dir''rc5test'
-$       return
-$ test_rand:
-$       mcr 'texe_dir''randtest'
-$       return
-$ test_enc:
-$       @testenc.com 'pointer_size'
-$       return
-$ test_x509:
-$       set noon
-$       define sys$error test_x509.err
-$       write sys$output "test normal x509v1 certificate"
-$       @tx509.com "" 'pointer_size'
-$       write sys$output "test first x509v3 certificate"
-$       @tx509.com v3-cert1.pem 'pointer_size'
-$       write sys$output "test second x509v3 certificate"
-$       @tx509.com v3-cert2.pem 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_rsa:
-$       set noon
-$       define sys$error test_rsa.err
-$       @trsa.com "" 'pointer_size'
-$       deassign sys$error
-$       mcr 'texe_dir''rsatest'
-$       set on
-$       return
-$ test_crl:
-$       set noon
-$       define sys$error test_crl.err
-$       @tcrl.com "" 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_sid:
-$       set noon
-$       define sys$error test_sid.err
-$       @tsid.com "" 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_req:
-$       set noon
-$       define sys$error test_req.err
-$       @treq.com "" 'pointer_size'
-$       @treq.com testreq2.pem 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_pkcs7:
-$       set noon
-$       define sys$error test_pkcs7.err
-$       @tpkcs7.com "" 'pointer_size'
-$       @tpkcs7d.com "" 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_bn:
-$       write sys$output -
-              "starting big number library test, could take a while..."
-$       set noon
-$       define sys$error test_bn.err
-$       define sys$output test_bn.out
-$       @ bctest.com
-$       status = $status
-$       deassign sys$error
-$       deassign sys$output
-$       set on
-$       if (status)
-$       then
-$           create /fdl = sys$input bntest-vms.tmp
-FILE
-        ORGANIZATION    sequential
-RECORD
-        FORMAT          stream_lf
-$           define /user_mode sys$output bntest-vms.tmp
-$           mcr 'texe_dir''bntest'
-$           define /user_mode sys$input bntest-vms.tmp
-$           define /user_mode sys$output bntest-vms.out
-$           bc
-$           @ bntest.com bntest-vms.out
-$           status = $status
-$           if (status)
-$           then
-$               delete bntest-vms.out;*
-$               delete bntest-vms.tmp;*
-$           endif
-$       else
-$           create /fdl = sys$input bntest-vms.sh
-FILE
-        ORGANIZATION    sequential
-RECORD
-        FORMAT          stream_lf
-$           open /append bntest_file bntest-vms.sh
-$           type /output = bntest_file sys$input:
-<< __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"'
-$           define /user_mode sys$output bntest-vms.tmp
-$           mcr 'texe_dir''bntest'
-$           copy bntest-vms.tmp bntest_file
-$           delete bntest-vms.tmp;*
-$           type /output = bntest_file sys$input:
-__FOO__
-$           close bntest_file
-$           write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and"
-$           write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations"
-$           write sys$output "-- went well."
-$           write sys$output ""
-$       endif
-$       write sys$output "test a^b%c implementations"
-$       mcr 'texe_dir''exptest'
-$       return
-$ test_ec:
-$       write sys$output "test elliptic curves"
-$       mcr 'texe_dir''ectest'
-$       return
-$ test_ecdsa:
-$       write sys$output "test ecdsa"
-$       mcr 'texe_dir''ecdsatest'
-$       return
-$ test_ecdh:
-$       write sys$output "test ecdh"
-$       mcr 'texe_dir''ecdhtest'
-$       return
-$ test_verify:
-$       write sys$output "The following command should have some OK's and some failures"
-$       write sys$output "There are definitly a few expired certificates"
-$       @tverify.com 'pointer_size'
-$       return
-$ test_dh:
-$       write sys$output "Generate a set of DH parameters"
-$       mcr 'texe_dir''dhtest'
-$       return
-$ test_dsa:
-$       write sys$output "Generate a set of DSA parameters"
-$       mcr 'texe_dir''dsatest'
-$       return
-$ test_gen:
-$       write sys$output "Generate and verify a certificate request"
-$       @testgen.com 'pointer_size'
-$       return
-$ maybe_test_ss:
-$       testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT"))
-$       if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then -
-                goto test_ss
-$       if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then -
-                goto test_ss
-$       if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then -
-                goto test_ss
-$       return
-$ test_ss:
-$       write sys$output "Generate and certify a test certificate"
-$       @testss.com 'pointer_size'
-$       return
-$ test_engine: 
-$       write sys$output "Manipulate the ENGINE structures"
-$       mcr 'texe_dir''enginetest'
-$       return
-$ test_ssl:
-$       write sys$output "test SSL protocol"
-$       gosub maybe_test_ss
-$       @testssl.com keyU.ss certU.ss certCA.ss 'pointer_size'
-$       return
-$ test_ca:
-$       set noon
-$       define /user_mode sys$output test_ca.out
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           write sys$output "skipping CA.com test -- requires RSA"
-$       else
-$           write sys$output "Generate and certify a test certificate via the 'ca' program"
-$           @testca.com 'pointer_size'
-$       endif
-$       return
-$ test_aes: 
-$!      write sys$output "test AES"
-$!      !mcr 'texe_dir''aestest'
-$       return
-$ test_tsa:
-$       set noon
-$       define /user_mode sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           write sys$output "skipping testtsa.com test -- requires RSA"
-$       else
-$           @testtsa.com "" "" "" 'pointer_size'
-$       endif
-$       return
-$ test_ige: 
-$       write sys$output "Test IGE mode"
-$       mcr 'texe_dir''igetest'
-$       return
-$ test_jpake: 
-$       write sys$output "Test JPAKE"
-$       mcr 'texe_dir''jpaketest'
-$       return
-$ test_cms:
-$       write sys$output "CMS consistency test"
-$       ! Define the logical name used to find openssl.exe in the perl script.
-$       define /user_mode osslx 'exe_dir'
-$       perl CMS-TEST.PL
-$       return
-$ test_srp: 
-$       write sys$output "Test SRP"
-$       mcr 'texe_dir''srptest'
-$       return
-$
-$
-$ exit:
-$       mcr 'exe_dir'openssl version -a
-$       set default '__save_default'
-$       deassign sslroot
-$       exit
diff --git a/src/lib/libssl/src/test/testss.com b/src/lib/libssl/src/test/testss.com
deleted file mode 100644
index 32a74d0fc2..0000000000
--- a/src/lib/libssl/src/test/testss.com
+++ /dev/null
@@ -1,123 +0,0 @@
-$! TESTSS.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       digest="-md5"
-$       reqcmd = "mcr ''exe_dir'openssl req"
-$       x509cmd = "mcr ''exe_dir'openssl x509 ''digest'"
-$       verifycmd = "mcr ''exe_dir'openssl verify"
-$       dummycnf = "sys$disk:[-.apps]openssl-vms.cnf"
-$
-$       CAkey="""keyCA.ss"""
-$       CAcert="""certCA.ss"""
-$       CAreq="""reqCA.ss"""
-$       CAconf="""CAss.cnf"""
-$       CAreq2="""req2CA.ss"""  ! temp
-$
-$       Uconf="""Uss.cnf"""
-$       Ukey="""keyU.ss"""
-$       Ureq="""reqU.ss"""
-$       Ucert="""certU.ss"""
-$
-$       write sys$output ""
-$       write sys$output "make a certificate request using 'req'"
-$
-$       set noon
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           req_new="-newkey dsa:[-.apps]dsa512.pem"
-$       else
-$           req_new="-new"
-$       endif
-$
-$       'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'req' to generate a certificate request"
-$               exit 3
-$       endif
-$       write sys$output ""
-$       write sys$output "convert the certificate request into a self signed certificate using 'x509'"
-$       define /user sys$output err.ss
-$       'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'x509' to self sign a certificate request"
-$               exit 3
-$       endif
-$
-$       write sys$output ""
-$       write sys$output "convert a certificate into a certificate request using 'x509'"
-$       define /user sys$output err.ss
-$       'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'x509' convert a certificate to a certificate request"
-$               exit 3
-$       endif
-$
-$       'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
-$       if $severity .ne. 1
-$       then
-$               write sys$output "first generated request is invalid"
-$               exit 3
-$       endif
-$
-$       'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
-$       if $severity .ne. 1
-$       then
-$               write sys$output "second generated request is invalid"
-$               exit 3
-$       endif
-$
-$       'verifycmd' "-CAfile" 'CAcert' 'CAcert'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "first generated cert is invalid"
-$               exit 3
-$       endif
-$
-$       write sys$output ""
-$       write sys$output "make another certificate request using 'req'"
-$       define /user sys$output err.ss
-$       'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'req' to generate a certificate request"
-$               exit 3
-$       endif
-$
-$       write sys$output ""
-$       write sys$output "sign certificate request with the just created CA via 'x509'"
-$       define /user sys$output err.ss
-$       'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'x509' to sign a certificate request"
-$               exit 3
-$       endif
-$
-$       'verifycmd' "-CAfile" 'CAcert' 'Ucert'
-$       write sys$output ""
-$       write sys$output "Certificate details"
-$       'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
-$
-$       write sys$output ""
-$       write sys$output "The generated CA certificate is ",CAcert
-$       write sys$output "The generated CA private key is ",CAkey
-$
-$       write sys$output "The generated user certificate is ",Ucert
-$       write sys$output "The generated user private key is ",Ukey
-$
-$       if f$search("err.ss;*") .nes. "" then delete err.ss;*
diff --git a/src/lib/libssl/src/test/testssl b/src/lib/libssl/src/test/testssl
index 5ae4dc8720..4e8542b556 100644
--- a/src/lib/libssl/src/test/testssl
+++ b/src/lib/libssl/src/test/testssl
@@ -119,6 +119,23 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
+echo "Testing ciphersuites"
+for protocol in TLSv1.2 SSLv3; do
+  echo "Testing ciphersuites for $protocol"
+  for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+    echo "Testing $cipher"
+    prot=""
+    if [ $protocol = "SSLv3" ] ; then
+      prot="-ssl3"
+    fi
+    $ssltest -cipher $cipher $prot
+    if [ $? -ne 0 ] ; then
+          echo "Failed $cipher"
+          exit 1
+    fi
+  done
+done
+
 #############################################################################
 
 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
diff --git a/src/lib/libssl/src/test/testssl.com b/src/lib/libssl/src/test/testssl.com
deleted file mode 100644
index f19edc4719..0000000000
--- a/src/lib/libssl/src/test/testssl.com
+++ /dev/null
@@ -1,208 +0,0 @@
-$! TESTSSL.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p4 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       texe_dir = "sys$disk:[-.''__arch'.exe.test]"
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       if p1 .eqs. ""
-$       then
-$           key="[-.apps]server.pem"
-$       else
-$           key=p1
-$       endif
-$       if p2 .eqs. ""
-$       then
-$           cert="[-.apps]server.pem"
-$       else
-$           cert=p2
-$       endif
-$       ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
-         " -cert ''cert' -c_key ''key' -c_cert ''cert'"
-$!
-$       set noon
-$       define/user sys$output testssl-x509-output.
-$       define/user sys$error nla0:
-$       mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
-$       define/user sys$error nla0:
-$       search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
-$       if $severity .eq. 1
-$       then
-$           dsa_cert = "YES"
-$       else
-$           dsa_cert = "NO"
-$       endif
-$       delete testssl-x509-output.;*
-$
-$       if p3 .eqs. ""
-$       then
-$           copy/concatenate [-.certs]*.pem certs.tmp
-$           CA = """-CAfile"" certs.tmp"
-$       else
-$           CA = """-CAfile"" "+p3
-$       endif
-$
-$!###########################################################################
-$
-$       write sys$output "test sslv2"
-$       'ssltest' -ssl2
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2 with server authentication"
-$       'ssltest' -ssl2 -server_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       if .not. dsa_cert
-$       then
-$           write sys$output "test sslv2 with client authentication"
-$           'ssltest' -ssl2 -client_auth 'CA'
-$           if $severity .ne. 1 then goto exit3
-$
-$           write sys$output "test sslv2 with both client and server authentication"
-$           'ssltest' -ssl2 -server_auth -client_auth 'CA'
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       write sys$output "test sslv3"
-$       'ssltest' -ssl3
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with server authentication"
-$       'ssltest' -ssl3 -server_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with client authentication"
-$       'ssltest' -ssl3 -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with both client and server authentication"
-$       'ssltest' -ssl3 -server_auth -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3"
-$       'ssltest'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with server authentication"
-$       'ssltest' -server_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with client authentication"
-$       'ssltest' -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with both client and server authentication"
-$       'ssltest' -server_auth -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2 via BIO pair"
-$       'ssltest' -bio_pair -ssl2 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2 with server authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       if .not. dsa_cert
-$       then
-$           write sys$output "test sslv2 with client authentication via BIO pair"
-$           'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
-$           if $severity .ne. 1 then goto exit3
-$
-$           write sys$output "test sslv2 with both client and server authentication via BIO pair"
-$           'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       write sys$output "test sslv3 via BIO pair"
-$       'ssltest' -bio_pair -ssl3 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with server authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with client authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
- 
-$       write sys$output "test sslv3 with both client and server authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 via BIO pair"
-$       'ssltest' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       if .not. dsa_cert
-$       then
-$           write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
-$           'ssltest' -bio_pair -no_dhe
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
-$       'ssltest' -bio_pair -dhe1024dsa -v
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with server authentication"
-$       'ssltest' -bio_pair -server_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
-$       'ssltest' -bio_pair -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
-$       'ssltest' -bio_pair -server_auth -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$!###########################################################################
-$
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       no_rsa=$SEVERITY
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-dh
-$       no_dh=$SEVERITY
-$
-$       if no_dh
-$       then
-$           write sys$output "skipping anonymous DH tests"
-$       else
-$           write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
-$           'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       if no_rsa
-$       then
-$           write sys$output "skipping RSA tests"
-$       else
-$           write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
-$           mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
-$           if $severity .ne. 1 then goto exit3
-$
-$           if no_dh
-$           then
-$               write sys$output "skipping RSA+DHE tests"
-$           else
-$               write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
-$               mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
-$               if $severity .ne. 1 then goto exit3
-$           endif
-$       endif
-$
-$       RET = 1
-$       goto exit
-$ exit3:
-$       RET = 3
-$ exit:
-$       if p3 .eqs. "" then delete certs.tmp;*
-$       set on
-$       exit 'RET'
diff --git a/src/lib/libssl/src/test/testtsa.com b/src/lib/libssl/src/test/testtsa.com
deleted file mode 100644
index 29fb1d0e63..0000000000
--- a/src/lib/libssl/src/test/testtsa.com
+++ /dev/null
@@ -1,255 +0,0 @@
-$!
-$! A few very basic tests for the 'ts' time stamping authority command.
-$!
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p4 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
-$       OPENSSL_CONF = "[-]CAtsa.cnf"
-$       ! Because that's what ../apps/CA.sh really looks at
-$       SSLEAY_CONFIG = "-config " + OPENSSL_CONF
-$
-$ error:
-$       subroutine
-$               write sys$error "TSA test failed!"
-$               exit 3
-$       endsubroutine
-$
-$ setup_dir:
-$       subroutine
-$
-$               if f$search("tsa.dir") .nes ""
-$               then
-$                       @[-.util]deltree [.tsa]*.*
-$                       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$                       delete tsa.dir;*
-$               endif
-$
-$               create/dir [.tsa]
-$               set default [.tsa]
-$       endsubroutine
-$
-$ clean_up_dir:
-$       subroutine
-$
-$               set default [-]
-$               @[-.util]deltree [.tsa]*.*
-$               set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$               delete tsa.dir;*
-$       endsubroutine
-$
-$ create_ca:
-$       subroutine
-$
-$               write sys$output "Creating a new CA for the TSA tests..."
-$               TSDNSECT = "ts_ca_dn"
-$               openssl req -new -x509 -nodes -
-                        -out tsaca.pem -keyout tsacakey.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_tsa_cert:
-$       subroutine
-$
-$               INDEX=p1
-$               EXT=p2
-$               TSDNSECT = "ts_cert_dn"
-$
-$               openssl req -new -
-                        -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
-$               if $severity .ne. 1 then call error
-$
-$               write sys$output "Using extension ''EXT'"
-$               openssl x509 -req -
-                        -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
-                        "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
-                        -extfile 'OPENSSL_CONF' -extensions "''EXT'"
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ print_request:
-$       subroutine
-$
-$               openssl ts -query -in 'p1' -text
-$       endsubroutine
-$
-$ create_time_stamp_request1: subroutine
-$
-$               openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
-                        -cert -out req1.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_request2: subroutine
-$
-$               openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
-                        -no_nonce -out req2.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_request3: subroutine
-$
-$               openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ print_response:
-$       subroutine
-$
-$               openssl ts -reply -in 'p1' -text
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_response:
-$       subroutine
-$
-$               openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ time_stamp_response_token_test:
-$       subroutine
-$
-$               RESPONSE2 = p2+ "-copy_tsr"
-$               TOKEN_DER = p2+ "-token_der"
-$               openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
-$               if $severity .ne. 1 then call error
-$               backup/compare 'RESPONSE2' 'p2'
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'p2' -text -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -queryfile 'p1' -text -token_out
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_response:
-$       subroutine
-$
-$               openssl ts -verify -queryfile 'p1' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -data 'p3' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_token:
-$       subroutine
-$
-$               ! create the token from the response first
-$               openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
-                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -data "''p3'" -in "''p2'-token" -
-                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_response_fail:
-$       subroutine
-$
-$               openssl ts -verify -queryfile 'p1' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               ! Checks if the verification failed, as it should have.
-$               if $severity .eq. 1 then call error
-$               write sys$output "Ok"
-$       endsubroutine
-$
-$       ! Main body ----------------------------------------------------------
-$
-$       set noon
-$
-$       write sys$output "Setting up TSA test directory..."
-$       call setup_dir
-$
-$       write sys$output "Creating CA for TSA tests..."
-$       call create_ca
-$
-$       write sys$output "Creating tsa_cert1.pem TSA server cert..."
-$       call create_tsa_cert 1 "tsa_cert"
-$
-$       write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
-$       call create_tsa_cert 2 "non_tsa_cert"
-$
-$       write sys$output "Creating req1.req time stamp request for file testtsa..."
-$       call create_time_stamp_request1
-$
-$       write sys$output "Printing req1.req..."
-$       call print_request "req1.tsq"
-$
-$       write sys$output "Generating valid response for req1.req..."
-$       call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
-$
-$       write sys$output "Printing response..."
-$       call print_response "resp1.tsr"
-$
-$       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$       write sys$output "Verifying valid token..."
-$       call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$       ! The tests below are commented out, because invalid signer certificates
-$       ! can no longer be specified in the config file.
-$
-$       ! write sys$output "Generating _invalid_ response for req1.req..."
-$       ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
-$
-$       ! write sys$output "Printing response..."
-$       ! call print_response "resp1_bad.tsr"
-$
-$       ! write sys$output "Verifying invalid response, it should fail..."
-$       ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
-$
-$       write sys$output "Creating req2.req time stamp request for file testtsa..."
-$       call create_time_stamp_request2
-$
-$       write sys$output "Printing req2.req..."
-$       call print_request "req2.tsq"
-$
-$       write sys$output "Generating valid response for req2.req..."
-$       call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
-$
-$       write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
-$       call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
-$
-$       write sys$output "Printing response..."
-$       call print_response "resp2.tsr"
-$
-$       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
-$
-$       write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
-$       call create_time_stamp_request3
-$
-$       write sys$output "Printing req3.req..."
-$       call print_request "req3.tsq"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
-$
-$       write sys$output "Cleaning up..."
-$       call clean_up_dir
-$
-$       set on
-$
-$       exit
diff --git a/src/lib/libssl/src/test/tpkcs7.com b/src/lib/libssl/src/test/tpkcs7.com
deleted file mode 100644
index 3fc4982bb0..0000000000
--- a/src/lib/libssl/src/test/tpkcs7.com
+++ /dev/null
@@ -1,59 +0,0 @@
-$! TPKCS7.COM  --  Tests pkcs7 keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl pkcs7"
-$
-$       t = "testp7.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing PKCS7 conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/src/test/tpkcs7d.com b/src/lib/libssl/src/test/tpkcs7d.com
deleted file mode 100644
index eea8c888ee..0000000000
--- a/src/lib/libssl/src/test/tpkcs7d.com
+++ /dev/null
@@ -1,52 +0,0 @@
-$! TPKCS7.COM  --  Tests pkcs7 keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl pkcs7"
-$
-$       t = "pkcs7-1.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing PKCS7 conversions (2)"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/src/test/treq.com b/src/lib/libssl/src/test/treq.com
deleted file mode 100644
index acf08b79ef..0000000000
--- a/src/lib/libssl/src/test/treq.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TREQ.COM  --  Tests req keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf"
-$
-$       t = "testreq.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing req conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -verify -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -verify -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -verify -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/src/test/trsa.com b/src/lib/libssl/src/test/trsa.com
deleted file mode 100644
index 54180843ee..0000000000
--- a/src/lib/libssl/src/test/trsa.com
+++ /dev/null
@@ -1,99 +0,0 @@
-$! TRSA.COM  --  Tests rsa keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       set noon
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           write sys$output "skipping RSA conversion test"
-$           exit
-$       endif
-$
-$       cmd = "mcr ''exe_dir'openssl rsa"
-$
-$       t = "testrsa.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing RSA conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/src/test/tsid.com b/src/lib/libssl/src/test/tsid.com
deleted file mode 100644
index b6c4e49473..0000000000
--- a/src/lib/libssl/src/test/tsid.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TSID.COM  --  Tests sid keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl sess_id"
-$
-$       t = "testsid.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing session-id conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/src/test/tverify.com b/src/lib/libssl/src/test/tverify.com
deleted file mode 100644
index d888344637..0000000000
--- a/src/lib/libssl/src/test/tverify.com
+++ /dev/null
@@ -1,65 +0,0 @@
-$! TVERIFY.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       line_max = 255 ! Could be longer on modern non-VAX.
-$       temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$       cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
-$       cmd_len = f$length( cmd)
-$       pems = "[-.certs...]*.pem"
-$!
-$!      Concatenate all the certificate files.
-$!
-$       copy /concatenate 'pems' 'temp_file_name'
-$!
-$!      Loop through all the certificate files.
-$!
-$       args = ""
-$       old_f = ""
-$ loop_file: 
-$           f = f$search( pems)
-$           if ((f .nes. "") .and. (f .nes. old_f))
-$           then
-$             old_f = f
-$!
-$!            If this file name would over-extend the command line, then
-$!            run the command now.
-$!
-$             if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
-$             then
-$                if (args .eqs. "") then goto disaster
-$                'cmd''args'
-$                args = ""
-$             endif
-$!            Add the next file to the argument list.
-$             args = args+ " "+ f
-$          else
-$!            No more files in the list
-$             goto loop_file_end
-$          endif
-$       goto loop_file
-$       loop_file_end:
-$!
-$!      Run the command for any left-over arguments.
-$!
-$       if (args .nes. "")
-$       then
-$          'cmd''args'
-$       endif
-$!
-$!      Delete the temporary file.
-$!
-$       if (f$search( "''temp_file_name';*") .nes. "") then -
-         delete 'temp_file_name';*
-$!
-$       exit
-$!
-$       disaster:
-$       write sys$output "   Command line too long.  Doomed."
-$!
diff --git a/src/lib/libssl/src/test/tx509.com b/src/lib/libssl/src/test/tx509.com
deleted file mode 100644
index 93ce988b41..0000000000
--- a/src/lib/libssl/src/test/tx509.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TX509.COM  --  Tests x509 certificates
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl x509"
-$
-$       t = "testx509.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing X509 conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> n"
-$       'cmd' -in fff.p -inform p -outform n -out f.n
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "n -> d"
-$       'cmd' -in f.n -inform n -outform d -out ff.d2
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> n"
-$       'cmd' -in f.d -inform d -outform n -out ff.n1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "n -> n"
-$       'cmd' -in f.n -inform n -outform n -out ff.n2
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> n"
-$       'cmd' -in f.p -inform p -outform n -out ff.n3
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "n -> p"
-$       'cmd' -in f.n -inform n -outform p -out ff.p2
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p2
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.n ff.n1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.n ff.n2
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.n ff.n3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p2
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/src/util/deltree.com b/src/lib/libssl/src/util/deltree.com
deleted file mode 100644
index 9f36b1a5e9..0000000000
--- a/src/lib/libssl/src/util/deltree.com
+++ /dev/null
@@ -1,34 +0,0 @@
-$! DELTREE.COM
-$
-$ call deltree 'p1'
-$ exit $status
-$
-$ deltree: subroutine ! P1 is a name of a directory
-$       on control_y then goto dt_STOP
-$       on warning then goto dt_exit
-$       _dt_def = f$trnlnm("SYS$DISK")+f$directory()
-$       if f$parse(p1) .eqs. "" then exit
-$       set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
-$       p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
-$       _fp = f$parse(".DIR",p1)
-$ dt_loop:
-$       _f = f$search(_fp)
-$       if _f .eqs. "" then goto dt_loopend
-$       call deltree [.'f$parse(_f,,,"NAME")']*.*
-$       goto dt_loop
-$ dt_loopend:
-$       _fp = f$parse(p1,".;*")
-$       if f$search(_fp) .eqs. "" then goto dt_exit
-$       set noon
-$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
-$       set on
-$       delete/nolog '_fp'
-$ dt_exit:
-$       set default '_dt_def'
-$       goto dt_end
-$ dt_STOP:
-$       set default '_dt_def'
-$       stop/id=""
-$       exit
-$ dt_end:
-$       endsubroutine
diff --git a/src/lib/libssl/src/util/libeay.num b/src/lib/libssl/src/util/libeay.num
index 93f80ba0c6..aa86b2b8b1 100644
--- a/src/lib/libssl/src/util/libeay.num
+++ b/src/lib/libssl/src/util/libeay.num
@@ -3510,6 +3510,8 @@ BIO_get_callback_arg                    3902	EXIST::FUNCTION:
 BIO_set_callback                        3903    EXIST::FUNCTION:
 d2i_ASIdOrRange                         3904    EXIST::FUNCTION:RFC3779
 i2d_ASIdentifiers                       3905    EXIST::FUNCTION:RFC3779
+CRYPTO_memcmp                           3906    EXIST::FUNCTION:
+BN_consttime_swap                       3907    EXIST::FUNCTION:
 SEED_decrypt                            3908    EXIST::FUNCTION:SEED
 SEED_encrypt                            3909    EXIST::FUNCTION:SEED
 SEED_cbc_encrypt                        3910    EXIST::FUNCTION:SEED
@@ -3687,7 +3689,7 @@ FIPS_dh_new                             4073	NOEXIST::FUNCTION:
 FIPS_corrupt_dsa_keygen                 4074    NOEXIST::FUNCTION:
 FIPS_dh_free                            4075    NOEXIST::FUNCTION:
 fips_pkey_signature_test                4076    NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077    NOEXIST::FUNCTION:
+EVP_add_alg_module                      4077    EXIST::FUNCTION:
 int_RAND_init_engine_callbacks          4078    NOEXIST::FUNCTION:
 int_EVP_CIPHER_set_engine_callbacks     4079    NOEXIST::FUNCTION:
 int_EVP_MD_init_engine_callbacks        4080    NOEXIST::FUNCTION:
diff --git a/src/lib/libssl/src/util/mk1mf.pl b/src/lib/libssl/src/util/mk1mf.pl
index 458f830401..72fa089f6b 100644
--- a/src/lib/libssl/src/util/mk1mf.pl
+++ b/src/lib/libssl/src/util/mk1mf.pl
@@ -1222,7 +1222,7 @@ sub read_options
                                 }
                         }
                 }
-        elsif (/^([^=]*)=(.*)$/ && !/^-D/){ $VARS{$1}=$2; }
+        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
         elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
         elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
                 { $c_flags.="$_ "; }
diff --git a/src/lib/libssl/src/util/pl/BC-32.pl b/src/lib/libssl/src/util/pl/BC-32.pl
index 1f1e13fb40..b41bb45e82 100644
--- a/src/lib/libssl/src/util/pl/BC-32.pl
+++ b/src/lib/libssl/src/util/pl/BC-32.pl
@@ -18,7 +18,7 @@ $out_def="out32";
 $tmp_def="tmp32";
 $inc_def="inc32";
 #enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp -D_timeb=timeb -D_ftime=ftime ";
 if ($debug)
 {
     $cflags.="-Od -y -v -vi- -D_DEBUG";
@@ -38,7 +38,7 @@ $efile="";
 $exep='.exe';
 if ($no_sock)
         { $ex_libs=""; }
-else    { $ex_libs="cw32mt.lib import32.lib"; }
+else    { $ex_libs="cw32mt.lib import32.lib crypt32.lib ws2_32.lib"; }
 
 # static library stuff
 $mklib='tlib /P64';
@@ -51,8 +51,8 @@ $lfile='';
 $shlib_ex_obj="";
 $app_ex_obj="c0x32.obj"; 
 
-$asm='nasmw -f obj -d__omf__';
-$asm.=" /Zi" if $debug;
+$asm=(`nasm -v 2>NUL` ge `nasmw -v 2>NUL`?"nasm":"nasmw")." -f obj -d__omf__";
+$asm.=" -g" if $debug;
 $afile='-o';
 
 $bn_mulw_obj='';
diff --git a/src/lib/libssl/src/util/pl/VC-32.pl b/src/lib/libssl/src/util/pl/VC-32.pl
index c503bd52b9..3705fc73b7 100644
--- a/src/lib/libssl/src/util/pl/VC-32.pl
+++ b/src/lib/libssl/src/util/pl/VC-32.pl
@@ -27,6 +27,8 @@ $zlib_lib="zlib1.lib";
 $l_flags =~ s/-L("\[^"]+")/\/libpath:$1/g;
 $l_flags =~ s/-L(\S+)/\/libpath:$1/g;
 
+my $ff = "";
+
 # C compiler stuff
 $cc='cl';
 if ($FLAVOR =~ /WIN64/)
@@ -118,7 +120,7 @@ elsif ($FLAVOR =~ /CE/)
     $base_cflags.=' -I$(WCECOMPAT)/include'             if (defined($ENV{'WCECOMPAT'}));
     $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'}));
     $opt_cflags=' /MC /O1i';    # optimize for space, but with intrinsics...
-    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
+    $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /opt:ref $wcelflag";
     }
 else    # Win32
@@ -126,6 +128,7 @@ else	# Win32
     $base_cflags= " $mf_cflag";
     my $f = $shlib || $fips ?' /MD':' /MT';
     $lib_cflag='/Zl' if (!$shlib);      # remove /DEFAULTLIBs from static lib
+    $ff = "/fixed";
     $opt_cflags=$f.' /Ox /O2 /Ob2';
     $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /subsystem:console /opt:ref";
@@ -318,7 +321,7 @@ sub do_lib_rule
                         $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
                         $ret.="\tSET FIPS_TARGET=$target\n";
                         $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
+                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $ff /map $base_arg $efile$target ";
                         $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
                         $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
                         }
@@ -355,7 +358,7 @@ sub do_link_rule
                 $ret.="\tSET FIPS_TARGET=$target\n";
                 $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
                 $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
-                $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
+                $ret.="\t\$(FIPSLINK) \$(LFLAGS) $ff /map $efile$target @<<\n";
                 $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
                 }
         else
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 8b0c2a2dac..7219a0e64b 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -493,6 +493,9 @@ struct ssl_session_st
         char *psk_identity_hint;
         char *psk_identity;
 #endif
+        /* Used to indicate that session resumption is not allowed.
+         * Applications can also set this bit for a new session via
+         * not_resumable_session_cb to disable session caching and tickets. */
         int not_resumable;
 
         /* The cert is the certificate used to establish this connection */
@@ -535,7 +538,7 @@ struct ssl_session_st
 #endif /* OPENSSL_NO_EC */
         /* RFC4507 info */
         unsigned char *tlsext_tick;     /* Session ticket */
-        size_t  tlsext_ticklen;         /* Session ticket length */     
+        size_t tlsext_ticklen;          /* Session ticket length */
         long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
 #ifndef OPENSSL_NO_SRP
@@ -552,11 +555,14 @@ struct ssl_session_st
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x00000080L
 #define SSL_OP_TLS_D5_BUG                               0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x00000200L
 
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+
 /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
  * the workaround is not needed.  Unfortunately some broken SSL/TLS
@@ -638,6 +644,12 @@ struct ssl_session_st
  * TLS only.)  "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
@@ -903,7 +915,7 @@ struct ssl_ctx_st
          */
         unsigned int max_send_fragment;
 
-#ifndef OPENSSL_ENGINE
+#ifndef OPENSSL_NO_ENGINE
         /* Engine to pass requests for client certs to
          */
         ENGINE *client_cert_engine;
@@ -927,6 +939,7 @@ struct ssl_ctx_st
         /* Callback for status request */
         int (*tlsext_status_cb)(SSL *ssl, void *arg);
         void *tlsext_status_arg;
+
         /* draft-rescorla-tls-opaque-prf-input-00.txt information */
         int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
         void *tlsext_opaque_prf_input_callback_arg;
@@ -952,6 +965,7 @@ struct ssl_ctx_st
 #endif
 
 #ifndef OPENSSL_NO_TLSEXT
+
 # ifndef OPENSSL_NO_NEXTPROTONEG
         /* Next protocol negotiation information */
         /* (for experimental NPN extension). */
@@ -2206,6 +2220,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_NEW_SESSION                        181
 #define SSL_F_SSL_GET_PREV_SESSION                       217
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317
 #define SSL_F_SSL_GET_SIGN_PKEY                          183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                       184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 112e627de0..cb8b2492ec 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -539,6 +539,15 @@ typedef struct ssl3_state_st
         /* Set if we saw the Next Protocol Negotiation extension from our peer. */
         int next_proto_neg_seen;
 #endif
+
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+        /* This is set to true if we believe that this is a version of Safari
+         * running on OS X 10.6 or newer. We wish to know this because Safari
+         * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+        char is_probably_safari;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
         } SSL3_STATE;
 
 #endif
@@ -578,8 +587,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_CW_CERT_VRFY_B          (0x191|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_A             (0x1A0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CHANGE_B             (0x1A1|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_CW_NEXT_PROTO_A         (0x200|SSL_ST_CONNECT)
 #define SSL3_ST_CW_NEXT_PROTO_B         (0x201|SSL_ST_CONNECT)
+#endif
 #define SSL3_ST_CW_FINISHED_A           (0x1B0|SSL_ST_CONNECT)
 #define SSL3_ST_CW_FINISHED_B           (0x1B1|SSL_ST_CONNECT)
 /* read from server */
@@ -629,8 +640,10 @@ typedef struct ssl3_state_st
 #define SSL3_ST_SR_CERT_VRFY_B          (0x1A1|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_A             (0x1B0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_CHANGE_B             (0x1B1|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_ST_SR_NEXT_PROTO_A         (0x210|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_NEXT_PROTO_B         (0x211|SSL_ST_ACCEPT)
+#endif
 #define SSL3_ST_SR_FINISHED_A           (0x1C0|SSL_ST_ACCEPT)
 #define SSL3_ST_SR_FINISHED_B           (0x1C1|SSL_ST_ACCEPT)
 /* write to client */
@@ -655,7 +668,9 @@ typedef struct ssl3_state_st
 #define SSL3_MT_CLIENT_KEY_EXCHANGE             16
 #define SSL3_MT_FINISHED                        20
 #define SSL3_MT_CERTIFICATE_STATUS              22
+#ifndef OPENSSL_NO_NEXTPROTONEG
 #define SSL3_MT_NEXT_PROTO                      67
+#endif
 #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
 
 
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c
index d443143c59..9c34d19725 100644
--- a/src/lib/libssl/ssl_algs.c
+++ b/src/lib/libssl/ssl_algs.c
@@ -94,6 +94,7 @@ int SSL_library_init(void)
         EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
         EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
 #endif
+
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
         EVP_add_cipher(EVP_camellia_128_cbc());
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
index 917be31876..5123a89182 100644
--- a/src/lib/libssl/ssl_cert.c
+++ b/src/lib/libssl/ssl_cert.c
@@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT *cert)
         {
         /* Set digest values to defaults */
 #ifndef OPENSSL_NO_DSA
-        cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+        cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
         cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
         cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-        cert->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+        cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
         }
 
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 92d1e94d6a..0aba8e048c 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -312,6 +312,7 @@ static const SSL_CIPHER cipher_aliases[]={
         {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
         {0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
         {0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
+        {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
 
         /* export flag */
         {0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
@@ -1150,9 +1151,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                         while ( ((ch >= 'A') && (ch <= 'Z')) ||
                                 ((ch >= '0') && (ch <= '9')) ||
                                 ((ch >= 'a') && (ch <= 'z')) ||
-                                 (ch == '-'))
+                                 (ch == '-') || (ch == '.'))
 #else
-                        while ( isalnum(ch) || (ch == '-'))
+                        while ( isalnum(ch) || (ch == '-') || (ch == '.'))
 #endif
                                  {
                                  ch = *(++l);
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
index 2577c6895a..370fb57e3b 100644
--- a/src/lib/libssl/ssl_err.c
+++ b/src/lib/libssl/ssl_err.c
@@ -228,6 +228,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),   "SSL_GET_NEW_SESSION"},
 {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION),  "SSL_GET_PREV_SESSION"},
 {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),      "SSL_GET_SERVER_SEND_CERT"},
+{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),      "SSL_GET_SERVER_SEND_PKEY"},
 {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),     "SSL_GET_SIGN_PKEY"},
 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER),  "SSL_INIT_WBIO_BUFFER"},
 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),       "SSL_load_client_CA_file"},
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index c91f0018e4..f052deeb97 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -597,8 +597,10 @@ void SSL_free(SSL *s)
                 OPENSSL_free(s->next_proto_negotiated);
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if (s->srtp_profiles)
             sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
 
         OPENSSL_free(s);
         }
@@ -1792,7 +1794,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
         ret->extra_certs=NULL;
-        ret->comp_methods=SSL_COMP_get_compression_methods();
+        /* No compression for DTLS */
+        if (meth->version != DTLS1_VERSION)
+                ret->comp_methods=SSL_COMP_get_compression_methods();
 
         ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
 
@@ -1949,8 +1953,10 @@ void SSL_CTX_free(SSL_CTX *a)
         a->comp_methods = NULL;
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if (a->srtp_profiles)
                 sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
 
 #ifndef OPENSSL_NO_PSK
         if (a->psk_identity_hint)
@@ -2284,7 +2290,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
 #endif
 
 /* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(SSL *s)
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
         {
         unsigned long alg_k,alg_a;
         CERT *c;
@@ -2339,12 +2345,20 @@ X509 *ssl_get_server_send_cert(SSL *s)
                 i=SSL_PKEY_GOST01;
         else /* if (alg_a & SSL_aNULL) */
                 {
-                SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
+                SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
                 return(NULL);
                 }
-        if (c->pkeys[i].x509 == NULL) return(NULL);
 
-        return(c->pkeys[i].x509);
+        return c->pkeys + i;
+        }
+
+X509 *ssl_get_server_send_cert(const SSL *s)
+        {
+        CERT_PKEY *cpk;
+        cpk = ssl_get_server_send_pkey(s);
+        if (!cpk)
+                return NULL;
+        return cpk->x509;
         }
 
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
@@ -2605,7 +2619,7 @@ const char *SSL_get_version(const SSL *s)
                 return("TLSv1.2");
         else if (s->version == TLS1_1_VERSION)
                 return("TLSv1.1");
-        if (s->version == TLS1_VERSION)
+        else if (s->version == TLS1_VERSION)
                 return("TLSv1");
         else if (s->version == SSL3_VERSION)
                 return("SSLv3");
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index c3c4c21d38..e485907748 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -841,13 +841,15 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+X509 *ssl_get_server_send_cert(const SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 void ssl_load_ciphers(void);
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
@@ -1099,7 +1101,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext_early(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
 #ifndef OPENSSL_NO_HEARTBEATS
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index c0960b5712..60e7b66859 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -710,7 +710,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 
         ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
 
-        in=BIO_new(BIO_s_file_internal());
+        in = BIO_new(BIO_s_file_internal());
         if (in == NULL)
                 {
                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
@@ -723,14 +723,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                 goto end;
                 }
 
-        x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+        x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
+                                ctx->default_passwd_callback_userdata);
         if (x == NULL)
                 {
                 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
                 goto end;
                 }
 
-        ret=SSL_CTX_use_certificate(ctx,x);
+        ret = SSL_CTX_use_certificate(ctx, x);
+
         if (ERR_peek_error() != 0)
                 ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
         if (ret)
@@ -742,13 +744,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                 int r;
                 unsigned long err;
                 
-                if (ctx->extra_certs != NULL) 
+                if (ctx->extra_certs != NULL)
                         {
                         sk_X509_pop_free(ctx->extra_certs, X509_free);
                         ctx->extra_certs = NULL;
                         }
 
-                while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+                while ((ca = PEM_read_bio_X509(in, NULL,
+                                        ctx->default_passwd_callback,
+                                        ctx->default_passwd_callback_userdata))
                         != NULL)
                         {
                         r = SSL_CTX_add_extra_chain_cert(ctx, ca);
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 638405ec39..0c4cddedf8 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -361,7 +361,7 @@ int tls1_change_cipher_state(SSL *s, int which)
         {
         int i;
         for (i=0; i<s->s3->tmp.key_block_length; i++)
-                printf("%02x", key_block[i]);  printf("\n");
+                printf("%02x", s->s3->tmp.key_block[i]);  printf("\n");
         }
 #endif  /* KSSL_DEBUG */
 
@@ -427,7 +427,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                         s->write_hash = mac_ctx;
                         }
                 else
-                       mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
+                        mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
 #ifndef OPENSSL_NO_COMP
                 if (s->compress != NULL)
                         {
@@ -929,8 +929,8 @@ int tls1_final_finish_mac(SSL *s,
                         else
                                 {
                                 if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-                                    !EVP_DigestFinal_ex(&ctx,q,&i) ||
-                                    (i != (unsigned int)hashsize))
+                                        !EVP_DigestFinal_ex(&ctx,q,&i) ||
+                                        (i != (unsigned int)hashsize))
                                         err = 1;
                                 q+=hashsize;
                                 }
@@ -986,7 +986,8 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                 }
                 else
                 {
-                        EVP_MD_CTX_copy(&hmac,hash);
+                        if (!EVP_MD_CTX_copy(&hmac,hash))
+                                return -1;
                         mac_ctx = &hmac;
                 }
 
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index a649dafba9..bddffd92cc 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -342,19 +342,11 @@ static unsigned char tls12_sigalgs[] = {
 #ifndef OPENSSL_NO_SHA
         tlsext_sigalg(TLSEXT_hash_sha1)
 #endif
-#ifndef OPENSSL_NO_MD5
-        tlsext_sigalg_rsa(TLSEXT_hash_md5)
-#endif
 };
 
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
         {
         size_t slen = sizeof(tls12_sigalgs);
-#ifdef OPENSSL_FIPS
-        /* If FIPS mode don't include MD5 which is last */
-        if (FIPS_mode())
-                slen -= 2;
-#endif
         if (p)
                 memcpy(p, tls12_sigalgs, slen);
         return (int)slen;
@@ -649,6 +641,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 }
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if(SSL_get_srtp_profiles(s))
                 {
                 int el;
@@ -667,6 +660,37 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                         }
                 ret += el;
                 }
+#endif
+
+#ifdef TLSEXT_TYPE_padding
+        /* Add padding to workaround bugs in F5 terminators.
+         * See https://tools.ietf.org/html/draft-agl-tls-padding-03
+         *
+         * NB: because this code works out the length of all existing
+         * extensions it MUST always appear last.
+         */
+        {
+        int hlen = ret - (unsigned char *)s->init_buf->data;
+        /* The code in s23_clnt.c to build ClientHello messages includes the
+         * 5-byte record header in the buffer, while the code in s3_clnt.c does
+         * not. */
+        if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
+                hlen -= 5;
+        if (hlen > 0xff && hlen < 0x200)
+                {
+                hlen = 0x200 - hlen;
+                if (hlen >= 4)
+                        hlen -= 4;
+                else
+                        hlen = 0;
+
+                s2n(TLSEXT_TYPE_padding, ret);
+                s2n(hlen, ret);
+                memset(ret, 0, hlen);
+                ret += hlen;
+                }
+        }
+#endif
 
         if ((extdatalen = ret-p-2)== 0) 
                 return p;
@@ -781,6 +805,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                 }
 #endif
 
+#ifndef OPENSSL_NO_SRTP
         if(s->srtp_profile)
                 {
                 int el;
@@ -799,6 +824,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                         }
                 ret+=el;
                 }
+#endif
 
         if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
                 && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
@@ -862,6 +888,89 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
         return ret;
         }
 
+#ifndef OPENSSL_NO_EC
+/* ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |d|, of length |n|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
+        unsigned short type, size;
+        static const unsigned char kSafariExtensionsBlock[] = {
+                0x00, 0x0a,  /* elliptic_curves extension */
+                0x00, 0x08,  /* 8 bytes */
+                0x00, 0x06,  /* 6 bytes of curve ids */
+                0x00, 0x17,  /* P-256 */
+                0x00, 0x18,  /* P-384 */
+                0x00, 0x19,  /* P-521 */
+
+                0x00, 0x0b,  /* ec_point_formats */
+                0x00, 0x02,  /* 2 bytes */
+                0x01,        /* 1 point format */
+                0x00,        /* uncompressed */
+        };
+
+        /* The following is only present in TLS 1.2 */
+        static const unsigned char kSafariTLS12ExtensionsBlock[] = {
+                0x00, 0x0d,  /* signature_algorithms */
+                0x00, 0x0c,  /* 12 bytes */
+                0x00, 0x0a,  /* 10 bytes */
+                0x05, 0x01,  /* SHA-384/RSA */
+                0x04, 0x01,  /* SHA-256/RSA */
+                0x02, 0x01,  /* SHA-1/RSA */
+                0x04, 0x03,  /* SHA-256/ECDSA */
+                0x02, 0x03,  /* SHA-1/ECDSA */
+        };
+
+        if (data >= (d+n-2))
+                return;
+        data += 2;
+
+        if (data > (d+n-4))
+                return;
+        n2s(data,type);
+        n2s(data,size);
+
+        if (type != TLSEXT_TYPE_server_name)
+                return;
+
+        if (data+size > d+n)
+                return;
+        data += size;
+
+        if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+                {
+                const size_t len1 = sizeof(kSafariExtensionsBlock);
+                const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+
+                if (data + len1 + len2 != d+n)
+                        return;
+                if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+                        return;
+                if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
+                        return;
+                }
+        else
+                {
+                const size_t len = sizeof(kSafariExtensionsBlock);
+
+                if (data + len != d+n)
+                        return;
+                if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+                        return;
+                }
+
+        s->s3->is_probably_safari = 1;
+}
+#endif /* !OPENSSL_NO_EC */
+
 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
         {
         unsigned short type;
@@ -882,6 +991,11 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
 #endif
 
+#ifndef OPENSSL_NO_EC
+        if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+                ssl_check_for_safari(s, data, d, n);
+#endif /* !OPENSSL_NO_EC */
+
         if (data >= (d+n-2))
                 goto ri_check;
         n2s(data,len);
@@ -1077,7 +1191,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         int ellipticcurvelist_length = (*(sdata++) << 8);
                         ellipticcurvelist_length += (*(sdata++));
 
-                        if (ellipticcurvelist_length != size - 2)
+                        if (ellipticcurvelist_length != size - 2 ||
+                                ellipticcurvelist_length < 1)
                                 {
                                 *al = TLS1_AD_DECODE_ERROR;
                                 return 0;
@@ -1176,7 +1291,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                 }
                         }
                 else if (type == TLSEXT_TYPE_status_request &&
-                         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
+                         s->version != DTLS1_VERSION)
                         {
                 
                         if (size < 5) 
@@ -1328,12 +1443,14 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 #endif
 
                 /* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
                 else if (type == TLSEXT_TYPE_use_srtp)
-                        {
+                        {
                         if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
                                                               al))
                                 return 0;
-                        }
+                        }
+#endif
 
                 data+=size;
                 }
@@ -1433,7 +1550,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         unsigned char *sdata = data;
                         int ecpointformatlist_length = *(sdata++);
 
-                        if (ecpointformatlist_length != size - 1)
+                        if (ecpointformatlist_length != size - 1 || 
+                                ecpointformatlist_length < 1)
                                 {
                                 *al = TLS1_AD_DECODE_ERROR;
                                 return 0;
@@ -1527,7 +1645,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                         unsigned char selected_len;
 
                         /* We must have requested it. */
-                        if ((s->ctx->next_proto_select_cb == NULL))
+                        if (s->ctx->next_proto_select_cb == NULL)
                                 {
                                 *al = TLS1_AD_UNSUPPORTED_EXTENSION;
                                 return 0;
@@ -1577,12 +1695,14 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                 }
                         }
 #endif
+#ifndef OPENSSL_NO_SRTP
                 else if (type == TLSEXT_TYPE_use_srtp)
-                        {
+                        {
                         if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
                                                               al))
                                 return 0;
-                        }
+                        }
+#endif
 
                 data+=size;             
                 }
@@ -1763,7 +1883,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
         return 1;
         }
 
-int ssl_check_clienthello_tlsext(SSL *s)
+int ssl_check_clienthello_tlsext_early(SSL *s)
         {
         int ret=SSL_TLSEXT_ERR_NOACK;
         int al = SSL_AD_UNRECOGNIZED_NAME;
@@ -1782,42 +1902,12 @@ int ssl_check_clienthello_tlsext(SSL *s)
         else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
                 ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-        /* If status request then ask callback what to do.
-         * Note: this must be called after servername callbacks in case 
-         * the certificate has changed.
-         */
-        if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
-                {
-                int r;
-                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-                switch (r)
-                        {
-                        /* We don't want to send a status request response */
-                        case SSL_TLSEXT_ERR_NOACK:
-                                s->tlsext_status_expected = 0;
-                                break;
-                        /* status request response should be sent */
-                        case SSL_TLSEXT_ERR_OK:
-                                if (s->tlsext_ocsp_resp)
-                                        s->tlsext_status_expected = 1;
-                                else
-                                        s->tlsext_status_expected = 0;
-                                break;
-                        /* something bad happened */
-                        case SSL_TLSEXT_ERR_ALERT_FATAL:
-                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                                al = SSL_AD_INTERNAL_ERROR;
-                                goto err;
-                        }
-                }
-        else
-                s->tlsext_status_expected = 0;
-
 #ifdef TLSEXT_TYPE_opaque_prf_input
         {
                 /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
                  * but we might be sending an alert in response to the client hello,
-                 * so this has to happen here in ssl_check_clienthello_tlsext(). */
+                 * so this has to happen here in
+                 * ssl_check_clienthello_tlsext_early(). */
 
                 int r = 1;
         
@@ -1869,8 +1959,8 @@ int ssl_check_clienthello_tlsext(SSL *s)
                         }
         }
 
-#endif
  err:
+#endif
         switch (ret)
                 {
                 case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -1888,6 +1978,71 @@ int ssl_check_clienthello_tlsext(SSL *s)
                 }
         }
 
+int ssl_check_clienthello_tlsext_late(SSL *s)
+        {
+        int ret = SSL_TLSEXT_ERR_OK;
+        int al;
+
+        /* If status request then ask callback what to do.
+         * Note: this must be called after servername callbacks in case 
+         * the certificate has changed, and must be called after the cipher
+         * has been chosen because this may influence which certificate is sent
+         */
+        if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
+                {
+                int r;
+                CERT_PKEY *certpkey;
+                certpkey = ssl_get_server_send_pkey(s);
+                /* If no certificate can't return certificate status */
+                if (certpkey == NULL)
+                        {
+                        s->tlsext_status_expected = 0;
+                        return 1;
+                        }
+                /* Set current certificate to one we will use so
+                 * SSL_get_certificate et al can pick it up.
+                 */
+                s->cert->key = certpkey;
+                r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+                switch (r)
+                        {
+                        /* We don't want to send a status request response */
+                        case SSL_TLSEXT_ERR_NOACK:
+                                s->tlsext_status_expected = 0;
+                                break;
+                        /* status request response should be sent */
+                        case SSL_TLSEXT_ERR_OK:
+                                if (s->tlsext_ocsp_resp)
+                                        s->tlsext_status_expected = 1;
+                                else
+                                        s->tlsext_status_expected = 0;
+                                break;
+                        /* something bad happened */
+                        case SSL_TLSEXT_ERR_ALERT_FATAL:
+                                ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                                al = SSL_AD_INTERNAL_ERROR;
+                                goto err;
+                        }
+                }
+        else
+                s->tlsext_status_expected = 0;
+
+ err:
+        switch (ret)
+                {
+                case SSL_TLSEXT_ERR_ALERT_FATAL:
+                        ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+                        return -1;
+
+                case SSL_TLSEXT_ERR_ALERT_WARNING:
+                        ssl3_send_alert(s,SSL3_AL_WARNING,al);
+                        return 1; 
+
+                default:
+                        return 1;
+                }
+        }
+
 int ssl_check_serverhello_tlsext(SSL *s)
         {
         int ret=SSL_TLSEXT_ERR_NOACK;
@@ -2189,7 +2344,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
         HMAC_Update(&hctx, etick, eticklen);
         HMAC_Final(&hctx, tick_hmac, NULL);
         HMAC_CTX_cleanup(&hctx);
-        if (timingsafe_bcmp(tick_hmac, etick + eticklen, mlen))
+        if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
                 return 2;
         /* Attempt to decrypt session data */
         /* Move p after IV to start of encrypted ticket, update length */
@@ -2319,14 +2474,6 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg)
         {
         switch(hash_alg)
                 {
-#ifndef OPENSSL_NO_MD5
-                case TLSEXT_hash_md5:
-#ifdef OPENSSL_FIPS
-                if (FIPS_mode())
-                        return NULL;
-#endif
-                return EVP_md5();
-#endif
 #ifndef OPENSSL_NO_SHA
                 case TLSEXT_hash_sha1:
                 return EVP_sha1();
@@ -2414,7 +2561,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
          */
 #ifndef OPENSSL_NO_DSA
         if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
-                c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_dss1();
+                c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
 #endif
 #ifndef OPENSSL_NO_RSA
         if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
@@ -2425,7 +2572,7 @@ int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
 #endif
 #ifndef OPENSSL_NO_ECDSA
         if (!c->pkeys[SSL_PKEY_ECC].digest)
-                c->pkeys[SSL_PKEY_ECC].digest = EVP_ecdsa();
+                c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
 #endif
         return 1;
         }
diff --git a/src/lib/libssl/test/Makefile b/src/lib/libssl/test/Makefile
index 09e6848764..4c9eabcc21 100644
--- a/src/lib/libssl/test/Makefile
+++ b/src/lib/libssl/test/Makefile
@@ -246,7 +246,7 @@ test_ecdh:
 test_verify:
         @echo "The following command should have some OK's and some failures"
         @echo "There are definitly a few expired certificates"
-        ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
+        ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem
 
 test_dh:
         @echo "Generate a set of DH parameters"
diff --git a/src/lib/libssl/test/bctest.com b/src/lib/libssl/test/bctest.com
deleted file mode 100644
index d7e5ec139e..0000000000
--- a/src/lib/libssl/test/bctest.com
+++ /dev/null
@@ -1,152 +0,0 @@
-$!
-$! Check operation of "bc".
-$!
-$! 2010-04-05 SMS.  New.  Based (loosely) on "bctest".
-$!
-$!
-$ tmp_file_name = "tmp.bctest"
-$ failure = ""
-$!
-$! Basic command test.
-$!
-$ on warning then goto bc_fail
-$ bc
-$ on error then exit
-$!
-$! Test for SunOS 5.[78] bc bug.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$     define /user_mode sys$output 'tmp_file_name'
-$     bc
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-$     status = $status
-$     output_expected = "0"
-$     gosub check_output
-$     if (output .ne. 1)
-$     then
-$         failure = "SunOStest"
-$     else
-$         delete 'f$parse( tmp_file_name)'
-$     endif
-$ endif
-$!
-$! Test for SCO bc bug.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$     define /user_mode sys$output 'tmp_file_name'
-$     bc
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-$     status = $status
-$     output_expected = "0\0"
-$     gosub check_output
-$     if (output .ne. 1)
-$     then
-$         failure = "SCOtest"
-$     else
-$         delete 'f$parse( tmp_file_name)'
-$     endif
-$ endif
-$!
-$! Test for working 'print' command.
-$!
-$ if (failure .eqs. "")
-$ then
-$!
-$     define /user_mode sys$output 'tmp_file_name'
-$     bc
-print "OK"
-$     status = $status
-$     output_expected = "OK"
-$     gosub check_output
-$     if (output .ne. 1)
-$     then
-$         failure = "printtest"
-$     else
-$         delete 'f$parse( tmp_file_name)'
-$     endif
-$ endif
-$!
-$ if (failure .nes. "")
-$ then
-$     write sys$output -
-       "No working bc found.  Consider installing GNU bc."
-$     exit %X00030000 ! %DCL-W-NORMAL
-$ endif
-$!
-$ exit
-$!
-$!
-$! Complete "bc" command failure.
-$!
-$ bc_fail:
-$ write sys$output -
-   "No ""bc"" program/symbol found.  Consider installing GNU bc."
-$ exit %X00030000 ! %DCL-W-NORMAL
-$!
-$!
-$! Output check subroutine.
-$!
-$ check_output:
-$     eof = 0
-$     line_nr = 0
-$     open /read tmp_file 'tmp_file_name'
-$     c_o_loop:
-$         read /error = error_read tmp_file line
-$         goto ok_read
-$         error_read:
-$         eof = 1
-$         ok_read:
-$         line_expected = f$element( line_nr, "\", output_expected)
-$         line_nr = line_nr+ 1
-$     if ((line_expected .nes. "\") .and. (.not. eof) .and. -
-       (line_expected .eqs. line)) then goto c_o_loop
-$!
-$     if ((line_expected .eqs. "\") .and. eof)
-$     then
-$         output = 1
-$     else
-$         output = 0
-$     endif
-$     close tmp_file
-$ return
-$!
diff --git a/src/lib/libssl/test/bntest.com b/src/lib/libssl/test/bntest.com
deleted file mode 100644
index 6545d2e5a5..0000000000
--- a/src/lib/libssl/test/bntest.com
+++ /dev/null
@@ -1,76 +0,0 @@
-$!
-$! Analyze bntest output file.
-$!
-$! Exit status = 1 (success) if all tests passed,
-$!               0 (warning) if any test failed.
-$!
-$! 2011-02-20 SMS.  Added code to skip "#" comments in the input file.
-$!
-$! 2010-04-05 SMS.  New.  Based (loosely) on perl code in bntest-vms.sh.
-$!
-$!                  Expect data like:
-$!                        test test_name1
-$!                        0
-$!                        [...]
-$!                        test test_name2
-$!                        0
-$!                        [...]
-$!                        [...]
-$!
-$!                  Some tests have no following "0" lines.
-$!
-$ result_file_name = f$edit( p1, "TRIM")
-$ if (result_file_name .eqs. "")
-$ then
-$     result_file_name = "bntest-vms.out"
-$ endif
-$!
-$ fail = 0
-$ passed = 0
-$ tests = 0
-$!
-$ on control_c then goto tidy
-$ on error then goto tidy
-$!
-$ open /read result_file 'result_file_name'
-$!
-$ read_loop:
-$     read /end = read_loop_end /error = tidy result_file line
-$     t1 = f$element( 0, " ", line)
-$!
-$!    Skip "#" comment lines.
-$     if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then -
-       goto read_loop
-$!
-$     if (t1 .eqs. "test")
-$     then
-$         passed = passed+ 1
-$         tests = tests+ 1
-$         fail = 1
-$         t2 = f$extract( 5, 1000, line)
-$         write sys$output "verify ''t2'"
-$     else
-$         if (t1 .nes. "0")
-$         then
-$             write sys$output "Failed! bc: ''line'"
-$             passed = passed- fail
-$             fail = 0
-$         endif
-$     endif
-$ goto read_loop
-$ read_loop_end:
-$ write sys$output "''passed'/''tests' tests passed"
-$!
-$ tidy:
-$ if f$trnlnm( "result_file", "LNM$PROCESS_TABLE", , "SUPERVISOR", , "CONFINE")
-$ then
-$     close result_file
-$ endif
-$!
-$ if ((tests .gt. 0) .and. (tests .eq. passed))
-$ then
-$    exit 1
-$ else
-$    exit 0
-$ endif
-$!
diff --git a/src/lib/libssl/test/clean_test.com b/src/lib/libssl/test/clean_test.com
deleted file mode 100755
index 7df633fbef..0000000000
--- a/src/lib/libssl/test/clean_test.com
+++ /dev/null
@@ -1,35 +0,0 @@
-$!
-$! Delete various test results files.
-$!
-$ def_orig = f$environment( "default")
-$ proc = f$environment( "procedure")
-$ proc_dev_dir = f$parse( "A.;", proc) - "A.;"
-$!
-$ on control_c then goto tidy
-$ on error then goto tidy
-$!
-$ set default 'proc_dev_dir'
-$!
-$ files := *.cms;*, *.srl;*, *.ss;*, -
-   cms.err;*, cms.out;*, newreq.pem;*, -
-   p.txt-zlib-cipher;*, -
-   smtst.txt;*, testkey.pem;*, testreq.pem;*, -
-   test_*.err;*, test_*.out;*, -
-   .rnd;*
-$!
-$ delim = ","
-$ i = 0
-$ loop:
-$    file = f$edit( f$element( i, delim, files), "trim")
-$    if (file .eqs. delim) then goto loop_end
-$    if (f$search( file) .nes. "") then -
-      delete 'p1' 'file'
-$    i = i+ 1
-$ goto loop
-$ loop_end:
-$!
-$ tidy:
-$ 
-$ if (f$type( def_orig) .nes. "") then -
-   set default 'def_orig'
-$!
diff --git a/src/lib/libssl/test/maketests.com b/src/lib/libssl/test/maketests.com
deleted file mode 100644
index 9b64cba234..0000000000
--- a/src/lib/libssl/test/maketests.com
+++ /dev/null
@@ -1,1087 +0,0 @@
-$!
-$!  MAKETESTS.COM
-$!  Written By:  Robert Byer
-$!               Vice-President
-$!               A-Com Computing, Inc.
-$!               byer@mail.all-net.net
-$!
-$!  Changes by Richard Levitte <richard@levitte.org>
-$!
-$!  This command files compiles and creates all the various different
-$!  "test" programs for the different types of encryption for OpenSSL.
-$!  It was written so it would try to determine what "C" compiler to
-$!  use or you can specify which "C" compiler to use.
-$!
-$!  The test "executables" will be placed in a directory called
-$!  [.xxx.EXE.TEST] where "xxx" denotes ALPHA, IA64, or VAX, depending
-$!  on your machine architecture.
-$!
-$!  Specify DEBUG or NODEBUG P1 to compile with or without debugger
-$!  information.
-$!
-$!  Specify which compiler at P2 to try to compile under.
-$!
-$!         VAXC  For VAX C.
-$!         DECC  For DEC C.
-$!         GNUC  For GNU C.
-$!
-$!  If you don't specify a compiler, it will try to determine which
-$!  "C" compiler to use.
-$!
-$!  P3, if defined, sets a TCP/IP library to use, through one of the following
-$!  keywords:
-$!
-$!      UCX             for UCX
-$!      SOCKETSHR       for SOCKETSHR+NETLIB
-$!
-$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!
-$!  P5, if defined, specifies the C pointer size.  Ignored on VAX.
-$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
-$!      Supported values are:
-$!
-$!      ""       Compile with default (/NOPOINTER_SIZE)
-$!      32       Compile with /POINTER_SIZE=32 (SHORT)
-$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
-$!               (Automatically select ARGV if compiler supports it.)
-$!      64=      Compile with /POINTER_SIZE=64 (LONG).
-$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
-$!
-$!  P6, if defined, specifies a directory where ZLIB files (zlib.h,
-$!  libz.olb) may be found.  Optionally, a non-default object library
-$!  name may be included ("dev:[dir]libz_64.olb", for example).
-$!
-$!
-$! Announce/identify.
-$!
-$ proc = f$environment( "procedure")
-$ write sys$output "@@@ "+ -
-   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$ ZLIB_LIB = ""
-$!
-$! Check Which Architecture We Are Using.
-$!
-$ if (f$getsyi( "cpu") .lt. 128)
-$ then
-$    ARCH = "VAX"
-$ else
-$    ARCH = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$    if (ARCH .eqs. "") then ARCH = "UNK"
-$ endif
-$!
-$ ARCHD = ARCH
-$ LIB32 = "32"
-$ OPT_FILE = ""
-$ POINTER_SIZE = ""
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Define The OBJ and EXE Directories.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.TEST]
-$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.TEST]
-$!
-$! Specify the destination directory in any /MAP option.
-$!
-$ if (LINKMAP .eqs. "MAP")
-$ then
-$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
-$ endif
-$!
-$! Add the location prefix to the linker options file name.
-$!
-$ if (OPT_FILE .nes. "")
-$ then
-$   OPT_FILE = EXE_DIR+ OPT_FILE
-$ endif
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
-$!
-$! Define The CRYPTO-LIB We Are To Use.
-$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
-$!
-$! Define The SSL We Are To Use.
-$!
-$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB
-$!
-$! Create the OBJ and EXE Directories, if needed.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."") THEN -
-   CREATE /DIRECTORY 'OBJ_DIR'
-$ IF (F$PARSE(EXE_DIR).EQS."") THEN -
-   CREATE /DIRECTORY 'EXE_DIR'
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Define The TEST Files.
-$! NOTE: Some might think this list ugly.  However, it's made this way to
-$! reflect the EXE variable in Makefile as closely as possible,
-$! thereby making it fairly easy to verify that the lists are the same.
-$!
-$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
-               "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ -
-               "RC2TEST,RC4TEST,RC5TEST,"+ -
-               "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ -
-               "MDC2TEST,RMDTEST,"+ -
-               "RANDTEST,DHTEST,ENGINETEST,"+ -
-               "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
-               "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
-               "ASN1TEST"
-$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
-$!
-$! Additional directory information.
-$ T_D_BNTEST     := [-.crypto.bn]
-$ T_D_ECTEST     := [-.crypto.ec]
-$ T_D_ECDSATEST  := [-.crypto.ecdsa]
-$ T_D_ECDHTEST   := [-.crypto.ecdh]
-$ T_D_IDEATEST   := [-.crypto.idea]
-$ T_D_MD2TEST    := [-.crypto.md2]
-$ T_D_MD4TEST    := [-.crypto.md4]
-$ T_D_MD5TEST    := [-.crypto.md5]
-$ T_D_HMACTEST   := [-.crypto.hmac]
-$ T_D_WP_TEST    := [-.crypto.whrlpool]
-$ T_D_RC2TEST    := [-.crypto.rc2]
-$ T_D_RC4TEST    := [-.crypto.rc4]
-$ T_D_RC5TEST    := [-.crypto.rc5]
-$ T_D_DESTEST    := [-.crypto.des]
-$ T_D_SHATEST    := [-.crypto.sha]
-$ T_D_SHA1TEST   := [-.crypto.sha]
-$ T_D_SHA256T    := [-.crypto.sha]
-$ T_D_SHA512T    := [-.crypto.sha]
-$ T_D_MDC2TEST   := [-.crypto.mdc2]
-$ T_D_RMDTEST    := [-.crypto.ripemd]
-$ T_D_RANDTEST   := [-.crypto.rand]
-$ T_D_DHTEST     := [-.crypto.dh]
-$ T_D_ENGINETEST := [-.crypto.engine]
-$ T_D_BFTEST     := [-.crypto.bf]
-$ T_D_CASTTEST   := [-.crypto.cast]
-$ T_D_SSLTEST    := [-.ssl]
-$ T_D_EXPTEST    := [-.crypto.bn]
-$ T_D_DSATEST    := [-.crypto.dsa]
-$ T_D_RSA_TEST   := [-.crypto.rsa]
-$ T_D_EVP_TEST   := [-.crypto.evp]
-$ T_D_IGETEST    := [-.test]
-$ T_D_JPAKETEST  := [-.crypto.jpake]
-$ T_D_SRPTEST    := [-.crypto.srp]
-$ T_D_ASN1TEST   := [-.test]
-$!
-$ TCPIP_PROGRAMS = ",,"
-$ IF COMPILER .EQS. "VAXC" THEN -
-     TCPIP_PROGRAMS = ",SSLTEST,"
-$!
-$! Define A File Counter And Set It To "0".
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",TEST_FILES)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:" + T_D_'FILE_NAME' + FILE_NAME + ".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
-$!
-$! Create The Executable File Name.
-$!
-$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Actually Exists.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$!  Tell The User That The File Dosen't Exist.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Exit The Build.
-$!
-$   GOTO EXIT
-$ ENDIF
-$!
-$! Tell The User What We Are Building.
-$!
-$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Test Program."
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC /OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check If What We Are About To Compile Works Without A TCP/IP Library.
-$!
-$ IF ((TCPIP_LIB.EQS."").AND.((TCPIP_PROGRAMS-FILE_NAME).NES.TCPIP_PROGRAMS))
-$ THEN
-$!
-$!  Inform The User That A TCP/IP Library Is Needed To Compile This Program.
-$!
-$   WRITE SYS$OUTPUT -
-          FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
-$   GOTO NEXT_FILE
-$!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
-$!
-$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
-$!
-$!  Don't Link With The RSAREF Routines And TCP/IP Library.
-$!
-$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -
-   'OBJECT_FILE', -
-   'SSL_LIB' /LIBRARY, -
-   'CRYPTO_LIB' /LIBRARY -
-   'TCPIP_LIB' -
-   'ZLIB_LIB' -
-   ,'OPT_FILE' /OPTIONS
-$!
-$! Go Back And Do It Again.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library Part.
-$!
-$ FILE_DONE:
-$!
-$! All Done, Time To Exit.
-$!
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$!  Check To See If We Already Have A VAX C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A VAX C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE /SHAREABLE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If We Already Have A GNU C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    We Need A GNU C Linker Option File.
-$!
-$     CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB.OLB /LIBRARY
-SYS$SHARE:VAXCRTL.EXE /SHAREABLE
-$EOD
-$!
-$!  End The Option File Check.
-$!
-$   ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$!  Check To See If We Already Have A DEC C Linker Option File.
-$!
-$   IF (F$SEARCH(OPT_FILE).EQS."")
-$   THEN
-$!
-$!    Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$     IF (ARCH.EQS."VAX")
-$     THEN
-$!
-$!      We Need A DEC C Linker Option File For VAX.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Against 
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE /SHAREABLE
-$EOD
-$!
-$!    Else...
-$!
-$     ELSE
-$!
-$!      Create The non-VAX Linker Option File.
-$!
-$       CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Against 
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE
-SYS$SHARE:CMA$OPEN_RTL.EXE /SHAREABLE
-$EOD
-$!
-$!    End The DEC C Option File Check.
-$!
-$     ENDIF
-$!
-$!  End The Option File Search.
-$!
-$   ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$!  Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$!
-$! Check To See If We Have The Appropiate Libraries.
-$!
-$ LIB_CHECK:
-$!
-$! Look For The Library LIBCRYPTO.OLB.
-$!
-$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
-$   WRITE SYS$OUTPUT "We Can't Link Without It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The Crypto Library Check.
-$!
-$ ENDIF
-$!
-$! Look For The Library LIBSSL.OLB.
-$!
-$ IF (F$SEARCH(SSL_LIB).EQS."")
-$ THEN
-$!
-$!  Tell The User We Can't Find The LIBSSL.OLB Library.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
-$   WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Since We Can't Link Without It, Exit.
-$!
-$   EXIT
-$!
-$! End The SSL Library Check.
-$!
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Set basic C compiler /INCLUDE directories.
-$!
-$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."NODEBUG")
-$ THEN
-$!
-$!  P1 Is NODEBUG, So Compile Without Debugger Information.
-$!
-$   DEBUGGER  = "NODEBUG"
-$   LINKMAP = "NOMAP"
-$   TRACEBACK = "NOTRACEBACK" 
-$   GCC_OPTIMIZE = "OPTIMIZE"
-$   CC_OPTIMIZE = "OPTIMIZE"
-$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Check To See If We Are To Compile With Debugger Information.
-$!
-$   IF (P1.EQS."DEBUG")
-$   THEN
-$!
-$!    Compile With Debugger Information.
-$!
-$     DEBUGGER  = "DEBUG"
-$     LINKMAP = "MAP"
-$     TRACEBACK = "TRACEBACK"
-$     GCC_OPTIMIZE = "NOOPTIMIZE"
-$     CC_OPTIMIZE = "NOOPTIMIZE"
-$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$!
-$!  Else...
-$!
-$   ELSE
-$!
-$!    Tell The User Entered An Invalid Option.
-$!
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
-$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
-$     WRITE SYS$OUTPUT ""
-$!
-$!    Time To EXIT.
-$!
-$     EXIT
-$!
-$!  End The Valid Argument Check.
-$!
-$   ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check P5 (POINTER_SIZE).
-$!
-$ IF (P5 .NES. "") .AND. (ARCH .NES. "VAX")
-$ THEN
-$!
-$   IF (P5 .EQS. "32")
-$   THEN
-$     POINTER_SIZE = " /POINTER_SIZE=32"
-$   ELSE
-$     POINTER_SIZE = F$EDIT( P5, "COLLAPSE, UPCASE")
-$     IF ((POINTER_SIZE .EQS. "64") .OR. -
-       (POINTER_SIZE .EQS. "64=") .OR. -
-       (POINTER_SIZE .EQS. "64=ARGV"))
-$     THEN
-$       ARCHD = ARCH+ "_64"
-$       LIB32 = ""
-$       IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=")
-$       THEN
-$!        Explicit user choice: "64" or "64=ARGV".
-$         IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64"
-$       ELSE
-$         SET NOON
-$         DEFINE /USER_MODE SYS$OUTPUT NL:
-$         DEFINE /USER_MODE SYS$ERROR NL:
-$         CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL:
-$         IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000
-$         THEN
-$           ! If we got here, it means DCL complained like this:
-$           ! %DCL-W-NOVALU, value not allowed - remove value specification
-$           !  \64=\
-$           !
-$           ! If the compiler was run, logicals defined in /USER would
-$           ! have been deassigned automatically.  However, when DCL
-$           ! complains, they aren't, so we do it here (it might be
-$           ! unnecessary, but just in case there will be another error
-$           ! message further on that we don't want to miss)
-$           DEASSIGN /USER_MODE SYS$ERROR
-$           DEASSIGN /USER_MODE SYS$OUTPUT
-$         ELSE
-$           POINTER_SIZE = POINTER_SIZE + "=ARGV"
-$         ENDIF
-$         SET ON
-$       ENDIF
-$       POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'"
-$     ELSE
-$!
-$!      Tell The User Entered An Invalid Option.
-$!
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", P5, -
-         " Is Invalid.  The Valid Options Are:"
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT -
-         "    """"  :  Compile with default (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    32  :  Compile with 32-bit (short) pointers."
-$       WRITE SYS$OUTPUT -
-         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
-$       WRITE SYS$OUTPUT -
-         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
-$       WRITE SYS$OUTPUT ""
-$! 
-$!      Time To EXIT.
-$!
-$       EXIT
-$!
-$     ENDIF
-$!
-$   ENDIF
-$!
-$! End The P5 (POINTER_SIZE) Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."")
-$ THEN
-$!
-$!  O.K., The User Didn't Specify A Compiler, Let's Try To
-$!  Find Out Which One To Use.
-$!
-$!  Check To See If We Have GNU C.
-$!
-$   IF (F$TRNLNM("GNU_CC").NES."")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     P2 = "GNUC"
-$!
-$!  End The GNU C Compiler Check.
-$!
-$   ELSE
-$!
-$!  Check To See If We Have VAXC Or DECC.
-$!
-$     IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$     THEN 
-$!
-$!      Looks Like DECC, Set To Use DECC.
-$!
-$       P2 = "DECC"
-$!
-$!      Else...
-$!
-$     ELSE
-$!
-$!      Looks Like VAXC, Set To Use VAXC.
-$!
-$       P2 = "VAXC"
-$!
-$!    End The VAXC Compiler Check.
-$!
-$     ENDIF
-$!
-$!  End The DECC & VAXC Compiler Check.
-$!
-$   ENDIF
-$!
-$!  End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P3.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$!  Find out what socket library we have available
-$!
-$   IF F$PARSE("SOCKETSHR:") .NES. ""
-$   THEN
-$!
-$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$     P3 = "SOCKETSHR"
-$!
-$!    Tell the user
-$!
-$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$!    Else, let's look for something else
-$!
-$   ELSE
-$!
-$!    Like UCX (the reason to do this before Multinet is that the UCX
-$!    emulation is easier to use...)
-$!
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
-         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
-         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$     THEN
-$!
-$!      Last resort: a UCX or UCX-compatible library
-$!
-$       P3 = "UCX"
-$!
-$!      Tell the user
-$!
-$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$!      That was all...
-$!
-$     ENDIF
-$   ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''P3'"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
-        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If We Have A ZLIB Option.
-$!
-$ ZLIB = P6
-$ IF (ZLIB .NES. "")
-$ THEN
-$!
-$!  Check for expected ZLIB files.
-$!
-$   err = 0
-$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
-$   if (f$search( file1) .eqs. "")
-$   then
-$     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
-$     err = 1
-$   endif
-$   file1 = f$parse( "A.;", ZLIB)- "A.;"
-$!
-$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
-$   if (f$search( file2) .eqs. "")
-$   then
-$     if (err .eq. 0)
-$     then
-$       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
-$     endif
-$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
-$     WRITE SYS$OUTPUT ""
-$     err = err+ 2
-$   endif
-$   if (err .eq. 1)
-$   then
-$     WRITE SYS$OUTPUT ""
-$   endif
-$!
-$   if (err .ne. 0)
-$   then
-$     GOTO EXIT
-$   endif
-$!
-$   CCDEFS = """ZLIB=1"", "+ CCDEFS
-$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
-$   ZLIB_LIB = ", ''file2' /library"
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
-$!
-$! End The P8 Check.
-$!
-$ ENDIF
-$!
-$!  Check To See If The User Entered A Valid Parameter.
-$!
-$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
-$ THEN
-$!
-$!  Check To See If The User Wanted DECC.
-$!
-$   IF (P2.EQS."DECC")
-$   THEN
-$!
-$!    Looks Like DECC, Set To Use DECC.
-$!
-$     COMPILER = "DECC"
-$!
-$!    Tell The User We Are Using DECC.
-$!
-$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$!    Use DECC...
-$!
-$     CC = "CC"
-$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
-         THEN CC = "CC /DECC"
-$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
-       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
-       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
-$!
-$!  End DECC Check.
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use VAXC.
-$!
-$   IF (P2.EQS."VAXC")
-$   THEN
-$!
-$!    Looks Like VAXC, Set To Use VAXC.
-$!
-$     COMPILER = "VAXC"
-$!
-$!    Tell The User We Are Using VAX C.
-$!
-$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$!    Compile Using VAXC.
-$!
-$     CC = "CC"
-$     IF ARCH.NES."VAX"
-$     THEN
-$       WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$       EXIT
-$     ENDIF
-$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC"
-$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$     CCDEFS = CCDEFS + ",""VAXC"""
-$!
-$!    Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$     DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
-$!
-$!  End VAXC Check
-$!
-$   ENDIF
-$!
-$!  Check To See If We Are To Use GNU C.
-$!
-$   IF (P2.EQS."GNUC")
-$   THEN
-$!
-$!    Looks Like GNUC, Set To Use GNUC.
-$!
-$     COMPILER = "GNUC"
-$!
-$!    Tell The User We Are Using GNUC.
-$!
-$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$!    Use GNU C...
-$!
-$     CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
-           "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
-$!
-$!    Define The Linker Options File Name.
-$!
-$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
-$!
-$!  End The GNU C Check.
-$!
-$   ENDIF
-$!
-$!  Set up default defines
-$!
-$   CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$!  Finish up the definition of CC.
-$!
-$   IF COMPILER .EQS. "DECC"
-$   THEN
-$     IF CCDISABLEWARNINGS .EQS. ""
-$     THEN
-$       CC4DISABLEWARNINGS = "DOLLARID"
-$     ELSE
-$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$     ENDIF
-$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$   ELSE
-$     CCDISABLEWARNINGS = ""
-$     CC4DISABLEWARNINGS = ""
-$   ENDIF
-$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$!
-$!  Show user the result
-$!
-$   WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
-$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
-$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$ ENDIF
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
-     .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
-$ THEN
-$!
-$!  Check to see if SOCKETSHR was chosen
-$!
-$   IF P3.EQS."SOCKETSHR"
-$   THEN
-$!
-$!    Set the library to use SOCKETSHR
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
-$!
-$!    Done with SOCKETSHR
-$!
-$   ENDIF
-$!
-$!  Check to see if MULTINET was chosen
-$!
-$   IF P3.EQS."MULTINET"
-$   THEN
-$!
-$!    Set the library to use UCX emulation.
-$!
-$     P3 = "UCX"
-$!
-$!    Done with MULTINET
-$!
-$   ENDIF
-$!
-$!  Check to see if UCX was chosen
-$!
-$   IF P3.EQS."UCX"
-$   THEN
-$!
-$!    Set the library to use UCX.
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
-$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$     THEN
-$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
-$     ELSE
-$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-          TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
-$     ENDIF
-$!
-$!    Done with UCX
-$!
-$   ENDIF
-$!
-$!  Check to see if TCPIP was chosen
-$!
-$   IF P3.EQS."TCPIP"
-$   THEN
-$!
-$!    Set the library to use TCPIP (post UCX).
-$!
-$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
-$!
-$!    Done with TCPIP
-$!
-$   ENDIF
-$!
-$!  Check to see if NONE was chosen
-$!
-$   IF P3.EQS."NONE"
-$   THEN
-$!
-$!    Do not use a TCPIP library.
-$!
-$     TCPIP_LIB = ""
-$!
-$!    Done with NONE
-$!
-$   ENDIF
-$!
-$!  Print info
-$!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
-$!
-$!  Else The User Entered An Invalid Argument.
-$!
-$ ELSE
-$!
-$!  Tell The User We Don't Know What They Want.
-$!
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
-$   WRITE SYS$OUTPUT ""
-$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
-$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
-$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
-$   WRITE SYS$OUTPUT ""
-$!
-$!  Time To EXIT.
-$!
-$   EXIT
-$!
-$!  Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By:  Richard Levitte
-$!              richard@levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$!  Get The Version Of VMS We Are Using.
-$!
-$   ISSEVEN :=
-$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$!  Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$   IF (TMP.GE.71)
-$   THEN
-$!
-$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$     ISSEVEN := ,PTHREAD_USE_D4
-$!
-$!  End The VMS Version Check.
-$!
-$   ENDIF
-$!
-$! End The P4 Check.
-$!
-$ ENDIF
-$!
-$!  Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "TEST]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL /NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the logical name OPENSSL if it had a value
-$!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
-$!
-$! Done
-$!
-$ RETURN
diff --git a/src/lib/libssl/test/tcrl.com b/src/lib/libssl/test/tcrl.com
deleted file mode 100644
index dd96a2b6dd..0000000000
--- a/src/lib/libssl/test/tcrl.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TCRL.COM  --  Tests crl keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl crl"
-$
-$       t = "testcrl.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing CRL conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/test/testca.com b/src/lib/libssl/test/testca.com
deleted file mode 100644
index 78cda9ec5a..0000000000
--- a/src/lib/libssl/test/testca.com
+++ /dev/null
@@ -1,52 +0,0 @@
-$! TESTCA.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$
-$       openssl = "mcr ''exe_dir'openssl"
-$
-$       SSLEAY_CONFIG="-config ""CAss.cnf"""
-$
-$       set noon
-$       if f$search("demoCA.dir") .nes. ""
-$       then
-$           @[-.util]deltree [.demoCA]*.*
-$           set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
-$           delete demoCA.dir;*
-$       endif
-$       set on
-$       open/read sys$ca_input VMSca-response.1
-$       @[-.apps]CA.com -input sys$ca_input -newca
-$       close sys$ca_input
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       SSLEAY_CONFIG="-config ""Uss.cnf"""
-$       @[-.apps]CA.com -newreq
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
-$       open/read sys$ca_input VMSca-response.2
-$       @[-.apps]CA.com -input sys$ca_input -sign
-$       close sys$ca_input
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       @[-.apps]CA.com -verify newcert.pem
-$       if $severity .ne. 1 then exit 3
-$
-$       set noon
-$       @[-.util]deltree [.demoCA]*.*
-$       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
-$       delete demoCA.dir;*
-$       if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
-$       if f$search("newcert.pem") .nes. "" then delete newreq.pem;*
-$       set on
-$!      #usage: CA -newcert|-newreq|-newca|-sign|-verify
-$
-$       exit
diff --git a/src/lib/libssl/test/testenc.com b/src/lib/libssl/test/testenc.com
deleted file mode 100644
index 75acd6f07f..0000000000
--- a/src/lib/libssl/test/testenc.com
+++ /dev/null
@@ -1,66 +0,0 @@
-$! TESTENC.COM  --  Test encoding and decoding
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. 64) then __arch = __arch+ "_64"
-$
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$       testsrc = "makefile."
-$       test = "p.txt"
-$       cmd = "mcr ''exe_dir'openssl"
-$
-$       if f$search(test) .nes. "" then delete 'test';*
-$       convert/fdl=sys$input: 'testsrc' 'test'
-RECORD
-        FORMAT STREAM_LF
-$
-$       if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
-$       if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
-$
-$       write sys$output "cat"
-$       'cmd' enc -in 'test' -out 'test'-cipher
-$       'cmd' enc -in 'test'-cipher -out 'test'-clear
-$       backup/compare 'test' 'test'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-cipher;*,'test'-clear;*
-$
-$       write sys$output "base64"
-$       'cmd' enc -a -e -in 'test' -out 'test'-cipher
-$       'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
-$       backup/compare 'test' 'test'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-cipher;*,'test'-clear;*
-$
-$       define/user sys$output 'test'-cipher-commands
-$       'cmd' list-cipher-commands
-$       open/read f 'test'-cipher-commands
-$ loop_cipher_commands:
-$       read/end=loop_cipher_commands_end f i
-$       write sys$output i
-$
-$       if f$search(test+"-"+i+"-cipher") .nes. "" then -
-                delete 'test'-'i'-cipher;*
-$       if f$search(test+"-"+i+"-clear") .nes. "" then -
-                delete 'test'-'i'-clear;*
-$
-$       'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
-$       'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
-$       backup/compare 'test' 'test'-'i'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
-$
-$       write sys$output i," base64"
-$       'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
-$       'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
-$       backup/compare 'test' 'test'-'i'-clear
-$       if $severity .ne. 1 then exit 3
-$       delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
-$
-$       goto loop_cipher_commands
-$ loop_cipher_commands_end:
-$       close f
-$       delete 'test'-cipher-commands;*
-$       delete 'test';*
diff --git a/src/lib/libssl/test/testgen.com b/src/lib/libssl/test/testgen.com
deleted file mode 100644
index e076da2f30..0000000000
--- a/src/lib/libssl/test/testgen.com
+++ /dev/null
@@ -1,58 +0,0 @@
-$! TESTGEN.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$       if (p1 .eqs. 64) then __arch = __arch+ "_64"
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       T = "testcert"
-$       KEY = 512
-$       CA = "[-.certs]testca.pem"
-$
-$       set noon
-$       if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
-$       if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
-$       if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
-$       set on
-$
-$       write sys$output "generating certificate request"
-$
-$       append/new nl: .rnd
-$       open/append random_file .rnd
-$       write random_file -
-         "string to make the random number generator think it has entropy"
-$       close random_file
-$
-$       set noon
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           req_new="-newkey dsa:[-.apps]dsa512.pem"
-$       else
-$           req_new="-new"
-$           write sys$output -
-             "There should be a 2 sequences of .'s and some +'s."
-$           write sys$output -
-             "There should not be more that at most 80 per line"
-$       endif
-$
-$       write sys$output "This could take some time."
-$
-$       mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
-$       if $severity .ne. 1
-$       then
-$           write sys$output "problems creating request"
-$           exit 3
-$       endif
-$
-$       mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
-$       if $severity .ne. 1
-$       then
-$           write sys$output "signature on req is wrong"
-$           exit 3
-$       endif
diff --git a/src/lib/libssl/test/tests.com b/src/lib/libssl/test/tests.com
deleted file mode 100644
index a840d5078f..0000000000
--- a/src/lib/libssl/test/tests.com
+++ /dev/null
@@ -1,375 +0,0 @@
-$! TESTS.COM  --  Performs the necessary tests
-$!
-$! P1   tests to be performed.  Empty means all.
-$! P2   Pointer size: "", "32", or "64".
-$!
-$! Announce/identify.
-$!
-$       proc = f$environment( "procedure")
-$       write sys$output "@@@ "+ -
-         f$parse( proc, , , "name")+ f$parse( proc, , , "type")
-$!
-$       __proc = f$element(0,";",f$environment("procedure"))
-$       __here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
-$       __save_default = f$environment("default")
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       __archd = __arch
-$       pointer_size = ""
-$       if (p2 .eq. "64")
-$       then
-$         pointer_size = "64"
-$         __archd = __arch+ "_64"
-$       endif
-$!
-$       texe_dir := sys$disk:[-.'__archd'.exe.test]
-$       exe_dir := sys$disk:[-.'__archd'.exe.apps]
-$
-$       set default '__here'
-$
-$       ROOT = F$PARSE("sys$disk:[-]A.;0",,,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-                   - ".][000000" - "[000000." - "][" - "[" - "]"
-$       ROOT = ROOT_DEV + "[" + ROOT_DIR
-$       DEFINE/NOLOG SSLROOT 'ROOT'.APPS.] /TRANS=CONC
-$       openssl_conf := sslroot:[000000]openssl-vms.cnf
-$
-$       on control_y then goto exit
-$       on error then goto exit
-$
-$       if p1 .nes. ""
-$       then
-$           tests = p1
-$       else
-$! NOTE: This list reflects the list of dependencies following the
-$! "alltests" target in Makefile.  This should make it easy to see
-$! if there's a difference that needs to be taken care of.
-$           tests := -
-        test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
-        test_md2,test_mdc2,test_wp,-
-        test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,-
-        test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
-        test_enc,test_x509,test_rsa,test_crl,test_sid,-
-        test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
-        test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,-
-        test_jpake,test_srp,test_cms
-$       endif
-$       tests = f$edit(tests,"COLLAPSE")
-$
-$       BNTEST :=       bntest
-$       ECTEST :=       ectest
-$       ECDSATEST :=    ecdsatest
-$       ECDHTEST :=     ecdhtest
-$       EXPTEST :=      exptest
-$       IDEATEST :=     ideatest
-$       SHATEST :=      shatest
-$       SHA1TEST :=     sha1test
-$       SHA256TEST :=   sha256t
-$       SHA512TEST :=   sha512t
-$       MDC2TEST :=     mdc2test
-$       RMDTEST :=      rmdtest
-$       MD2TEST :=      md2test
-$       MD4TEST :=      md4test
-$       MD5TEST :=      md5test
-$       HMACTEST :=     hmactest
-$       WPTEST :=       wp_test
-$       RC2TEST :=      rc2test
-$       RC4TEST :=      rc4test
-$       RC5TEST :=      rc5test
-$       BFTEST :=       bftest
-$       CASTTEST :=     casttest
-$       DESTEST :=      destest
-$       RANDTEST :=     randtest
-$       DHTEST :=       dhtest
-$       DSATEST :=      dsatest
-$       METHTEST :=     methtest
-$       SSLTEST :=      ssltest
-$       RSATEST :=      rsa_test
-$       ENGINETEST :=   enginetest
-$       EVPTEST :=      evp_test
-$       IGETEST :=      igetest
-$       JPAKETEST :=    jpaketest
-$       SRPTEST :=      srptest
-$       ASN1TEST :=     asn1test
-$!
-$       tests_i = 0
-$ loop_tests:
-$       tests_e = f$element(tests_i,",",tests)
-$       tests_i = tests_i + 1
-$       if tests_e .eqs. "," then goto exit
-$       write sys$output "---> ''tests_e'"
-$       gosub 'tests_e'
-$       goto loop_tests
-$
-$ test_evp:
-$       mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt
-$       return
-$ test_des:
-$       mcr 'texe_dir''destest'
-$       return
-$ test_idea:
-$       mcr 'texe_dir''ideatest'
-$       return
-$ test_sha:
-$       mcr 'texe_dir''shatest'
-$       mcr 'texe_dir''sha1test'
-$       mcr 'texe_dir''sha256test'
-$       mcr 'texe_dir''sha512test'
-$       return
-$ test_mdc2:
-$       mcr 'texe_dir''mdc2test'
-$       return
-$ test_md5:
-$       mcr 'texe_dir''md5test'
-$       return
-$ test_md4:
-$       mcr 'texe_dir''md4test'
-$       return
-$ test_hmac:
-$       mcr 'texe_dir''hmactest'
-$       return
-$ test_wp:
-$       mcr 'texe_dir''wptest'
-$       return
-$ test_md2:
-$       mcr 'texe_dir''md2test'
-$       return
-$ test_rmd:
-$       mcr 'texe_dir''rmdtest'
-$       return
-$ test_bf:
-$       mcr 'texe_dir''bftest'
-$       return
-$ test_cast:
-$       mcr 'texe_dir''casttest'
-$       return
-$ test_rc2:
-$       mcr 'texe_dir''rc2test'
-$       return
-$ test_rc4:
-$       mcr 'texe_dir''rc4test'
-$       return
-$ test_rc5:
-$       mcr 'texe_dir''rc5test'
-$       return
-$ test_rand:
-$       mcr 'texe_dir''randtest'
-$       return
-$ test_enc:
-$       @testenc.com 'pointer_size'
-$       return
-$ test_x509:
-$       set noon
-$       define sys$error test_x509.err
-$       write sys$output "test normal x509v1 certificate"
-$       @tx509.com "" 'pointer_size'
-$       write sys$output "test first x509v3 certificate"
-$       @tx509.com v3-cert1.pem 'pointer_size'
-$       write sys$output "test second x509v3 certificate"
-$       @tx509.com v3-cert2.pem 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_rsa:
-$       set noon
-$       define sys$error test_rsa.err
-$       @trsa.com "" 'pointer_size'
-$       deassign sys$error
-$       mcr 'texe_dir''rsatest'
-$       set on
-$       return
-$ test_crl:
-$       set noon
-$       define sys$error test_crl.err
-$       @tcrl.com "" 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_sid:
-$       set noon
-$       define sys$error test_sid.err
-$       @tsid.com "" 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_req:
-$       set noon
-$       define sys$error test_req.err
-$       @treq.com "" 'pointer_size'
-$       @treq.com testreq2.pem 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_pkcs7:
-$       set noon
-$       define sys$error test_pkcs7.err
-$       @tpkcs7.com "" 'pointer_size'
-$       @tpkcs7d.com "" 'pointer_size'
-$       deassign sys$error
-$       set on
-$       return
-$ test_bn:
-$       write sys$output -
-              "starting big number library test, could take a while..."
-$       set noon
-$       define sys$error test_bn.err
-$       define sys$output test_bn.out
-$       @ bctest.com
-$       status = $status
-$       deassign sys$error
-$       deassign sys$output
-$       set on
-$       if (status)
-$       then
-$           create /fdl = sys$input bntest-vms.tmp
-FILE
-        ORGANIZATION    sequential
-RECORD
-        FORMAT          stream_lf
-$           define /user_mode sys$output bntest-vms.tmp
-$           mcr 'texe_dir''bntest'
-$           define /user_mode sys$input bntest-vms.tmp
-$           define /user_mode sys$output bntest-vms.out
-$           bc
-$           @ bntest.com bntest-vms.out
-$           status = $status
-$           if (status)
-$           then
-$               delete bntest-vms.out;*
-$               delete bntest-vms.tmp;*
-$           endif
-$       else
-$           create /fdl = sys$input bntest-vms.sh
-FILE
-        ORGANIZATION    sequential
-RECORD
-        FORMAT          stream_lf
-$           open /append bntest_file bntest-vms.sh
-$           type /output = bntest_file sys$input:
-<< __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"'
-$           define /user_mode sys$output bntest-vms.tmp
-$           mcr 'texe_dir''bntest'
-$           copy bntest-vms.tmp bntest_file
-$           delete bntest-vms.tmp;*
-$           type /output = bntest_file sys$input:
-__FOO__
-$           close bntest_file
-$           write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and"
-$           write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations"
-$           write sys$output "-- went well."
-$           write sys$output ""
-$       endif
-$       write sys$output "test a^b%c implementations"
-$       mcr 'texe_dir''exptest'
-$       return
-$ test_ec:
-$       write sys$output "test elliptic curves"
-$       mcr 'texe_dir''ectest'
-$       return
-$ test_ecdsa:
-$       write sys$output "test ecdsa"
-$       mcr 'texe_dir''ecdsatest'
-$       return
-$ test_ecdh:
-$       write sys$output "test ecdh"
-$       mcr 'texe_dir''ecdhtest'
-$       return
-$ test_verify:
-$       write sys$output "The following command should have some OK's and some failures"
-$       write sys$output "There are definitly a few expired certificates"
-$       @tverify.com 'pointer_size'
-$       return
-$ test_dh:
-$       write sys$output "Generate a set of DH parameters"
-$       mcr 'texe_dir''dhtest'
-$       return
-$ test_dsa:
-$       write sys$output "Generate a set of DSA parameters"
-$       mcr 'texe_dir''dsatest'
-$       return
-$ test_gen:
-$       write sys$output "Generate and verify a certificate request"
-$       @testgen.com 'pointer_size'
-$       return
-$ maybe_test_ss:
-$       testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT"))
-$       if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then -
-                goto test_ss
-$       if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then -
-                goto test_ss
-$       if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then -
-                goto test_ss
-$       return
-$ test_ss:
-$       write sys$output "Generate and certify a test certificate"
-$       @testss.com 'pointer_size'
-$       return
-$ test_engine: 
-$       write sys$output "Manipulate the ENGINE structures"
-$       mcr 'texe_dir''enginetest'
-$       return
-$ test_ssl:
-$       write sys$output "test SSL protocol"
-$       gosub maybe_test_ss
-$       @testssl.com keyU.ss certU.ss certCA.ss 'pointer_size'
-$       return
-$ test_ca:
-$       set noon
-$       define /user_mode sys$output test_ca.out
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           write sys$output "skipping CA.com test -- requires RSA"
-$       else
-$           write sys$output "Generate and certify a test certificate via the 'ca' program"
-$           @testca.com 'pointer_size'
-$       endif
-$       return
-$ test_aes: 
-$!      write sys$output "test AES"
-$!      !mcr 'texe_dir''aestest'
-$       return
-$ test_tsa:
-$       set noon
-$       define /user_mode sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           write sys$output "skipping testtsa.com test -- requires RSA"
-$       else
-$           @testtsa.com "" "" "" 'pointer_size'
-$       endif
-$       return
-$ test_ige: 
-$       write sys$output "Test IGE mode"
-$       mcr 'texe_dir''igetest'
-$       return
-$ test_jpake: 
-$       write sys$output "Test JPAKE"
-$       mcr 'texe_dir''jpaketest'
-$       return
-$ test_cms:
-$       write sys$output "CMS consistency test"
-$       ! Define the logical name used to find openssl.exe in the perl script.
-$       define /user_mode osslx 'exe_dir'
-$       perl CMS-TEST.PL
-$       return
-$ test_srp: 
-$       write sys$output "Test SRP"
-$       mcr 'texe_dir''srptest'
-$       return
-$
-$
-$ exit:
-$       mcr 'exe_dir'openssl version -a
-$       set default '__save_default'
-$       deassign sslroot
-$       exit
diff --git a/src/lib/libssl/test/testss.com b/src/lib/libssl/test/testss.com
deleted file mode 100644
index 32a74d0fc2..0000000000
--- a/src/lib/libssl/test/testss.com
+++ /dev/null
@@ -1,123 +0,0 @@
-$! TESTSS.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       digest="-md5"
-$       reqcmd = "mcr ''exe_dir'openssl req"
-$       x509cmd = "mcr ''exe_dir'openssl x509 ''digest'"
-$       verifycmd = "mcr ''exe_dir'openssl verify"
-$       dummycnf = "sys$disk:[-.apps]openssl-vms.cnf"
-$
-$       CAkey="""keyCA.ss"""
-$       CAcert="""certCA.ss"""
-$       CAreq="""reqCA.ss"""
-$       CAconf="""CAss.cnf"""
-$       CAreq2="""req2CA.ss"""  ! temp
-$
-$       Uconf="""Uss.cnf"""
-$       Ukey="""keyU.ss"""
-$       Ureq="""reqU.ss"""
-$       Ucert="""certU.ss"""
-$
-$       write sys$output ""
-$       write sys$output "make a certificate request using 'req'"
-$
-$       set noon
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           req_new="-newkey dsa:[-.apps]dsa512.pem"
-$       else
-$           req_new="-new"
-$       endif
-$
-$       'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'req' to generate a certificate request"
-$               exit 3
-$       endif
-$       write sys$output ""
-$       write sys$output "convert the certificate request into a self signed certificate using 'x509'"
-$       define /user sys$output err.ss
-$       'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'x509' to self sign a certificate request"
-$               exit 3
-$       endif
-$
-$       write sys$output ""
-$       write sys$output "convert a certificate into a certificate request using 'x509'"
-$       define /user sys$output err.ss
-$       'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'x509' convert a certificate to a certificate request"
-$               exit 3
-$       endif
-$
-$       'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
-$       if $severity .ne. 1
-$       then
-$               write sys$output "first generated request is invalid"
-$               exit 3
-$       endif
-$
-$       'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
-$       if $severity .ne. 1
-$       then
-$               write sys$output "second generated request is invalid"
-$               exit 3
-$       endif
-$
-$       'verifycmd' "-CAfile" 'CAcert' 'CAcert'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "first generated cert is invalid"
-$               exit 3
-$       endif
-$
-$       write sys$output ""
-$       write sys$output "make another certificate request using 'req'"
-$       define /user sys$output err.ss
-$       'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'req' to generate a certificate request"
-$               exit 3
-$       endif
-$
-$       write sys$output ""
-$       write sys$output "sign certificate request with the just created CA via 'x509'"
-$       define /user sys$output err.ss
-$       'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
-$       if $severity .ne. 1
-$       then
-$               write sys$output "error using 'x509' to sign a certificate request"
-$               exit 3
-$       endif
-$
-$       'verifycmd' "-CAfile" 'CAcert' 'Ucert'
-$       write sys$output ""
-$       write sys$output "Certificate details"
-$       'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
-$
-$       write sys$output ""
-$       write sys$output "The generated CA certificate is ",CAcert
-$       write sys$output "The generated CA private key is ",CAkey
-$
-$       write sys$output "The generated user certificate is ",Ucert
-$       write sys$output "The generated user private key is ",Ukey
-$
-$       if f$search("err.ss;*") .nes. "" then delete err.ss;*
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
index 5ae4dc8720..4e8542b556 100644
--- a/src/lib/libssl/test/testssl
+++ b/src/lib/libssl/test/testssl
@@ -119,6 +119,23 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
 $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
 
+echo "Testing ciphersuites"
+for protocol in TLSv1.2 SSLv3; do
+  echo "Testing ciphersuites for $protocol"
+  for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+    echo "Testing $cipher"
+    prot=""
+    if [ $protocol = "SSLv3" ] ; then
+      prot="-ssl3"
+    fi
+    $ssltest -cipher $cipher $prot
+    if [ $? -ne 0 ] ; then
+          echo "Failed $cipher"
+          exit 1
+    fi
+  done
+done
+
 #############################################################################
 
 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
diff --git a/src/lib/libssl/test/testssl.com b/src/lib/libssl/test/testssl.com
deleted file mode 100644
index f19edc4719..0000000000
--- a/src/lib/libssl/test/testssl.com
+++ /dev/null
@@ -1,208 +0,0 @@
-$! TESTSSL.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p4 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       texe_dir = "sys$disk:[-.''__arch'.exe.test]"
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       if p1 .eqs. ""
-$       then
-$           key="[-.apps]server.pem"
-$       else
-$           key=p1
-$       endif
-$       if p2 .eqs. ""
-$       then
-$           cert="[-.apps]server.pem"
-$       else
-$           cert=p2
-$       endif
-$       ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
-         " -cert ''cert' -c_key ''key' -c_cert ''cert'"
-$!
-$       set noon
-$       define/user sys$output testssl-x509-output.
-$       define/user sys$error nla0:
-$       mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
-$       define/user sys$error nla0:
-$       search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
-$       if $severity .eq. 1
-$       then
-$           dsa_cert = "YES"
-$       else
-$           dsa_cert = "NO"
-$       endif
-$       delete testssl-x509-output.;*
-$
-$       if p3 .eqs. ""
-$       then
-$           copy/concatenate [-.certs]*.pem certs.tmp
-$           CA = """-CAfile"" certs.tmp"
-$       else
-$           CA = """-CAfile"" "+p3
-$       endif
-$
-$!###########################################################################
-$
-$       write sys$output "test sslv2"
-$       'ssltest' -ssl2
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2 with server authentication"
-$       'ssltest' -ssl2 -server_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       if .not. dsa_cert
-$       then
-$           write sys$output "test sslv2 with client authentication"
-$           'ssltest' -ssl2 -client_auth 'CA'
-$           if $severity .ne. 1 then goto exit3
-$
-$           write sys$output "test sslv2 with both client and server authentication"
-$           'ssltest' -ssl2 -server_auth -client_auth 'CA'
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       write sys$output "test sslv3"
-$       'ssltest' -ssl3
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with server authentication"
-$       'ssltest' -ssl3 -server_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with client authentication"
-$       'ssltest' -ssl3 -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with both client and server authentication"
-$       'ssltest' -ssl3 -server_auth -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3"
-$       'ssltest'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with server authentication"
-$       'ssltest' -server_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with client authentication"
-$       'ssltest' -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with both client and server authentication"
-$       'ssltest' -server_auth -client_auth 'CA'
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2 via BIO pair"
-$       'ssltest' -bio_pair -ssl2 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2 with server authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       if .not. dsa_cert
-$       then
-$           write sys$output "test sslv2 with client authentication via BIO pair"
-$           'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
-$           if $severity .ne. 1 then goto exit3
-$
-$           write sys$output "test sslv2 with both client and server authentication via BIO pair"
-$           'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       write sys$output "test sslv3 via BIO pair"
-$       'ssltest' -bio_pair -ssl3 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with server authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv3 with client authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
- 
-$       write sys$output "test sslv3 with both client and server authentication via BIO pair"
-$       'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 via BIO pair"
-$       'ssltest' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       if .not. dsa_cert
-$       then
-$           write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
-$           'ssltest' -bio_pair -no_dhe
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
-$       'ssltest' -bio_pair -dhe1024dsa -v
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with server authentication"
-$       'ssltest' -bio_pair -server_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
-$       'ssltest' -bio_pair -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$       write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
-$       'ssltest' -bio_pair -server_auth -client_auth 'CA' 
-$       if $severity .ne. 1 then goto exit3
-$
-$!###########################################################################
-$
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       no_rsa=$SEVERITY
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-dh
-$       no_dh=$SEVERITY
-$
-$       if no_dh
-$       then
-$           write sys$output "skipping anonymous DH tests"
-$       else
-$           write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
-$           'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
-$           if $severity .ne. 1 then goto exit3
-$       endif
-$
-$       if no_rsa
-$       then
-$           write sys$output "skipping RSA tests"
-$       else
-$           write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
-$           mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
-$           if $severity .ne. 1 then goto exit3
-$
-$           if no_dh
-$           then
-$               write sys$output "skipping RSA+DHE tests"
-$           else
-$               write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
-$               mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
-$               if $severity .ne. 1 then goto exit3
-$           endif
-$       endif
-$
-$       RET = 1
-$       goto exit
-$ exit3:
-$       RET = 3
-$ exit:
-$       if p3 .eqs. "" then delete certs.tmp;*
-$       set on
-$       exit 'RET'
diff --git a/src/lib/libssl/test/testtsa.com b/src/lib/libssl/test/testtsa.com
deleted file mode 100644
index 29fb1d0e63..0000000000
--- a/src/lib/libssl/test/testtsa.com
+++ /dev/null
@@ -1,255 +0,0 @@
-$!
-$! A few very basic tests for the 'ts' time stamping authority command.
-$!
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p4 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
-$       OPENSSL_CONF = "[-]CAtsa.cnf"
-$       ! Because that's what ../apps/CA.sh really looks at
-$       SSLEAY_CONFIG = "-config " + OPENSSL_CONF
-$
-$ error:
-$       subroutine
-$               write sys$error "TSA test failed!"
-$               exit 3
-$       endsubroutine
-$
-$ setup_dir:
-$       subroutine
-$
-$               if f$search("tsa.dir") .nes ""
-$               then
-$                       @[-.util]deltree [.tsa]*.*
-$                       set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$                       delete tsa.dir;*
-$               endif
-$
-$               create/dir [.tsa]
-$               set default [.tsa]
-$       endsubroutine
-$
-$ clean_up_dir:
-$       subroutine
-$
-$               set default [-]
-$               @[-.util]deltree [.tsa]*.*
-$               set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) tsa.dir;*
-$               delete tsa.dir;*
-$       endsubroutine
-$
-$ create_ca:
-$       subroutine
-$
-$               write sys$output "Creating a new CA for the TSA tests..."
-$               TSDNSECT = "ts_ca_dn"
-$               openssl req -new -x509 -nodes -
-                        -out tsaca.pem -keyout tsacakey.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_tsa_cert:
-$       subroutine
-$
-$               INDEX=p1
-$               EXT=p2
-$               TSDNSECT = "ts_cert_dn"
-$
-$               openssl req -new -
-                        -out tsa_req'INDEX'.pem -keyout tsa_key'INDEX'.pem
-$               if $severity .ne. 1 then call error
-$
-$               write sys$output "Using extension ''EXT'"
-$               openssl x509 -req -
-                        -in tsa_req'INDEX'.pem -out tsa_cert'INDEX'.pem -
-                        "-CA" tsaca.pem "-CAkey" tsacakey.pem "-CAcreateserial" -
-                        -extfile 'OPENSSL_CONF' -extensions "''EXT'"
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ print_request:
-$       subroutine
-$
-$               openssl ts -query -in 'p1' -text
-$       endsubroutine
-$
-$ create_time_stamp_request1: subroutine
-$
-$               openssl ts -query -data [-]testtsa.com -policy tsa_policy1 -
-                        -cert -out req1.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_request2: subroutine
-$
-$               openssl ts -query -data [-]testtsa.com -policy tsa_policy2 -
-                        -no_nonce -out req2.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_request3: subroutine
-$
-$               openssl ts -query -data [-]CAtsa.cnf -no_nonce -out req3.tsq
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ print_response:
-$       subroutine
-$
-$               openssl ts -reply -in 'p1' -text
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ create_time_stamp_response:
-$       subroutine
-$
-$               openssl ts -reply -section 'p3' -queryfile 'p1' -out 'p2'
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ time_stamp_response_token_test:
-$       subroutine
-$
-$               RESPONSE2 = p2+ "-copy_tsr"
-$               TOKEN_DER = p2+ "-token_der"
-$               openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
-$               if $severity .ne. 1 then call error
-$               backup/compare 'RESPONSE2' 'p2'
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'p2' -text -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -in 'TOKEN_DER' -token_in -text -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -reply -queryfile 'p1' -text -token_out
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_response:
-$       subroutine
-$
-$               openssl ts -verify -queryfile 'p1' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -data 'p3' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_token:
-$       subroutine
-$
-$               ! create the token from the response first
-$               openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
-                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$               openssl ts -verify -data "''p3'" -in "''p2'-token" -
-                 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               if $severity .ne. 1 then call error
-$       endsubroutine
-$
-$ verify_time_stamp_response_fail:
-$       subroutine
-$
-$               openssl ts -verify -queryfile 'p1' -in 'p2' -
-                        "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
-$               ! Checks if the verification failed, as it should have.
-$               if $severity .eq. 1 then call error
-$               write sys$output "Ok"
-$       endsubroutine
-$
-$       ! Main body ----------------------------------------------------------
-$
-$       set noon
-$
-$       write sys$output "Setting up TSA test directory..."
-$       call setup_dir
-$
-$       write sys$output "Creating CA for TSA tests..."
-$       call create_ca
-$
-$       write sys$output "Creating tsa_cert1.pem TSA server cert..."
-$       call create_tsa_cert 1 "tsa_cert"
-$
-$       write sys$output "Creating tsa_cert2.pem non-TSA server cert..."
-$       call create_tsa_cert 2 "non_tsa_cert"
-$
-$       write sys$output "Creating req1.req time stamp request for file testtsa..."
-$       call create_time_stamp_request1
-$
-$       write sys$output "Printing req1.req..."
-$       call print_request "req1.tsq"
-$
-$       write sys$output "Generating valid response for req1.req..."
-$       call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
-$
-$       write sys$output "Printing response..."
-$       call print_response "resp1.tsr"
-$
-$       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$       write sys$output "Verifying valid token..."
-$       call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
-$
-$       ! The tests below are commented out, because invalid signer certificates
-$       ! can no longer be specified in the config file.
-$
-$       ! write sys$output "Generating _invalid_ response for req1.req..."
-$       ! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
-$
-$       ! write sys$output "Printing response..."
-$       ! call print_response "resp1_bad.tsr"
-$
-$       ! write sys$output "Verifying invalid response, it should fail..."
-$       ! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
-$
-$       write sys$output "Creating req2.req time stamp request for file testtsa..."
-$       call create_time_stamp_request2
-$
-$       write sys$output "Printing req2.req..."
-$       call print_request "req2.tsq"
-$
-$       write sys$output "Generating valid response for req2.req..."
-$       call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
-$
-$       write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
-$       call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
-$
-$       write sys$output "Printing response..."
-$       call print_response "resp2.tsr"
-$
-$       write sys$output "Verifying valid response..."
-$       call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
-$
-$       write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
-$       call create_time_stamp_request3
-$
-$       write sys$output "Printing req3.req..."
-$       call print_request "req3.tsq"
-$
-$       write sys$output "Verifying response against wrong request, it should fail..."
-$       call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
-$
-$       write sys$output "Cleaning up..."
-$       call clean_up_dir
-$
-$       set on
-$
-$       exit
diff --git a/src/lib/libssl/test/tpkcs7.com b/src/lib/libssl/test/tpkcs7.com
deleted file mode 100644
index 3fc4982bb0..0000000000
--- a/src/lib/libssl/test/tpkcs7.com
+++ /dev/null
@@ -1,59 +0,0 @@
-$! TPKCS7.COM  --  Tests pkcs7 keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl pkcs7"
-$
-$       t = "testp7.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing PKCS7 conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/test/tpkcs7d.com b/src/lib/libssl/test/tpkcs7d.com
deleted file mode 100644
index eea8c888ee..0000000000
--- a/src/lib/libssl/test/tpkcs7d.com
+++ /dev/null
@@ -1,52 +0,0 @@
-$! TPKCS7.COM  --  Tests pkcs7 keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl pkcs7"
-$
-$       t = "pkcs7-1.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing PKCS7 conversions (2)"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/test/treq.com b/src/lib/libssl/test/treq.com
deleted file mode 100644
index acf08b79ef..0000000000
--- a/src/lib/libssl/test/treq.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TREQ.COM  --  Tests req keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf"
-$
-$       t = "testreq.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing req conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -verify -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -verify -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -verify -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/test/trsa.com b/src/lib/libssl/test/trsa.com
deleted file mode 100644
index 54180843ee..0000000000
--- a/src/lib/libssl/test/trsa.com
+++ /dev/null
@@ -1,99 +0,0 @@
-$! TRSA.COM  --  Tests rsa keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       set noon
-$       define/user sys$output nla0:
-$       mcr 'exe_dir'openssl no-rsa
-$       save_severity=$SEVERITY
-$       set on
-$       if save_severity
-$       then
-$           write sys$output "skipping RSA conversion test"
-$           exit
-$       endif
-$
-$       cmd = "mcr ''exe_dir'openssl rsa"
-$
-$       t = "testrsa.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing RSA conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/test/tsid.com b/src/lib/libssl/test/tsid.com
deleted file mode 100644
index b6c4e49473..0000000000
--- a/src/lib/libssl/test/tsid.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TSID.COM  --  Tests sid keys
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl sess_id"
-$
-$       t = "testsid.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing session-id conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in fff.p -inform p -outform t -out f.t
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> d"
-$!      'cmd' -in f.t -inform t -outform d -out ff.d2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$!      write sys$output "d -> t"
-$!      'cmd' -in f.d -inform d -outform t -out ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> t"
-$!      'cmd' -in f.t -inform t -outform t -out ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      write sys$output "p -> t"
-$!      'cmd' -in f.p -inform p -outform t -out ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      write sys$output "t -> p"
-$!      'cmd' -in f.t -inform t -outform p -out ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare fff.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$!      backup/compare f.t ff.t1
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t2
-$!      if $severity .ne. 1 then exit 3
-$!      backup/compare f.t ff.t3
-$!      if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$!      backup/compare f.p ff.p2
-$!      if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/test/tverify.com b/src/lib/libssl/test/tverify.com
deleted file mode 100644
index d888344637..0000000000
--- a/src/lib/libssl/test/tverify.com
+++ /dev/null
@@ -1,65 +0,0 @@
-$! TVERIFY.COM
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p1 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       line_max = 255 ! Could be longer on modern non-VAX.
-$       temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$       cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
-$       cmd_len = f$length( cmd)
-$       pems = "[-.certs...]*.pem"
-$!
-$!      Concatenate all the certificate files.
-$!
-$       copy /concatenate 'pems' 'temp_file_name'
-$!
-$!      Loop through all the certificate files.
-$!
-$       args = ""
-$       old_f = ""
-$ loop_file: 
-$           f = f$search( pems)
-$           if ((f .nes. "") .and. (f .nes. old_f))
-$           then
-$             old_f = f
-$!
-$!            If this file name would over-extend the command line, then
-$!            run the command now.
-$!
-$             if (cmd_len+ f$length( args)+ 1+ f$length( f) .gt. line_max)
-$             then
-$                if (args .eqs. "") then goto disaster
-$                'cmd''args'
-$                args = ""
-$             endif
-$!            Add the next file to the argument list.
-$             args = args+ " "+ f
-$          else
-$!            No more files in the list
-$             goto loop_file_end
-$          endif
-$       goto loop_file
-$       loop_file_end:
-$!
-$!      Run the command for any left-over arguments.
-$!
-$       if (args .nes. "")
-$       then
-$          'cmd''args'
-$       endif
-$!
-$!      Delete the temporary file.
-$!
-$       if (f$search( "''temp_file_name';*") .nes. "") then -
-         delete 'temp_file_name';*
-$!
-$       exit
-$!
-$       disaster:
-$       write sys$output "   Command line too long.  Doomed."
-$!
diff --git a/src/lib/libssl/test/tx509.com b/src/lib/libssl/test/tx509.com
deleted file mode 100644
index 93ce988b41..0000000000
--- a/src/lib/libssl/test/tx509.com
+++ /dev/null
@@ -1,88 +0,0 @@
-$! TX509.COM  --  Tests x509 certificates
-$
-$       __arch = "VAX"
-$       if f$getsyi("cpu") .ge. 128 then -
-           __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$       if __arch .eqs. "" then __arch = "UNK"
-$!
-$       if (p2 .eqs. "64") then __arch = __arch+ "_64"
-$!
-$       exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
-$
-$       cmd = "mcr ''exe_dir'openssl x509"
-$
-$       t = "testx509.pem"
-$       if p1 .nes. "" then t = p1
-$
-$       write sys$output "testing X509 conversions"
-$       if f$search("fff.*") .nes "" then delete fff.*;*
-$       if f$search("ff.*") .nes "" then delete ff.*;*
-$       if f$search("f.*") .nes "" then delete f.*;*
-$       convert/fdl=sys$input: 't' fff.p
-RECORD
-        FORMAT STREAM_LF
-$
-$       write sys$output "p -> d"
-$       'cmd' -in fff.p -inform p -outform d -out f.d
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> n"
-$       'cmd' -in fff.p -inform p -outform n -out f.n
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in fff.p -inform p -outform p -out f.p
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> d"
-$       'cmd' -in f.d -inform d -outform d -out ff.d1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "n -> d"
-$       'cmd' -in f.n -inform n -outform d -out ff.d2
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> d"
-$       'cmd' -in f.p -inform p -outform d -out ff.d3
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> n"
-$       'cmd' -in f.d -inform d -outform n -out ff.n1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "n -> n"
-$       'cmd' -in f.n -inform n -outform n -out ff.n2
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> n"
-$       'cmd' -in f.p -inform p -outform n -out ff.n3
-$       if $severity .ne. 1 then exit 3
-$
-$       write sys$output "d -> p"
-$       'cmd' -in f.d -inform d -outform p -out ff.p1
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "n -> p"
-$       'cmd' -in f.n -inform n -outform p -out ff.p2
-$       if $severity .ne. 1 then exit 3
-$       write sys$output "p -> p"
-$       'cmd' -in f.p -inform p -outform p -out ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare fff.p f.p
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p2
-$       if $severity .ne. 1 then exit 3
-$       backup/compare fff.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.n ff.n1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.n ff.n2
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.n ff.n3
-$       if $severity .ne. 1 then exit 3
-$
-$       backup/compare f.p ff.p1
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p2
-$       if $severity .ne. 1 then exit 3
-$       backup/compare f.p ff.p3
-$       if $severity .ne. 1 then exit 3
-$
-$       delete f.*;*,ff.*;*,fff.*;*
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index c39c267f0b..c992091e30 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -230,6 +230,12 @@ extern "C" {
 /* ExtensionType value from RFC5620 */
 #define TLSEXT_TYPE_heartbeat   15
 
+/* ExtensionType value for TLS padding extension.
+ * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
+ * http://tools.ietf.org/html/draft-agl-tls-padding-03
+ */
+#define TLSEXT_TYPE_padding     21
+
 /* ExtensionType value from RFC4507 */
 #define TLSEXT_TYPE_session_ticket              35