Upgrade to 0.9.8r.

Build in Win32.
2025-05-19 06:02:29 +00:00 · 2011-08-20 06:05:08 +01:00 · 2011-08-20 06:05:08 +01:00 · 0110c90382
commit 0110c90382
parent e80cac6225
113 changed files with 1119 additions and 652 deletions
--- a/deps/openssl/config/piii/openssl/opensslconf-posix.h
+++ b/deps/openssl/config/piii/openssl/opensslconf-posix.h
@ -0,0 +1,278 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_DOING_MAKEDEPEND
 #ifndef OPENSSL_NO_CAMELLIA
 # define OPENSSL_NO_CAMELLIA
 #endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
 #ifndef OPENSSL_NO_CMS
 # define OPENSSL_NO_CMS
 #endif
 #ifndef OPENSSL_NO_FIPS
 # define OPENSSL_NO_FIPS
 #endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
 #ifndef OPENSSL_NO_IDEA
 # define OPENSSL_NO_IDEA
 #endif
 #ifndef OPENSSL_NO_JPAKE
 # define OPENSSL_NO_JPAKE
 #endif
 #ifndef OPENSSL_NO_KRB5
 # define OPENSSL_NO_KRB5
 #endif
 #ifndef OPENSSL_NO_MDC2
 # define OPENSSL_NO_MDC2
 #endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
 #endif
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
 #ifndef OPENSSL_NO_ASM
 # define OPENSSL_NO_ASM
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
 #ifndef OPENSSL_THREADS
 # define OPENSSL_THREADS
 #endif
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 # define OPENSSL_NO_DYNAMIC_ENGINE
 #endif
 /* The OPENSSL_NO_* macros are also defined as NO_* if the application
   asks for it.  This is a transient feature that is provided for those
   who haven't had the time to do the appropriate changes in their
   applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
 # if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
 #  define NO_CAMELLIA
 # endif
 # if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
 #  define NO_CAPIENG
 # endif
 # if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
 #  define NO_CMS
 # endif
 # if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS)
 #  define NO_FIPS
 # endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
 # endif
 # if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
 #  define NO_IDEA
 # endif
 # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
 #  define NO_JPAKE
 # endif
 # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
 #  define NO_KRB5
 # endif
 # if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
 #  define NO_MDC2
 # endif
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
 # endif
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
 # if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
 #  define NO_SEED
 # endif
 #endif
 #define OPENSSL_CPUID_OBJ
 /* crypto/opensslconf.h.in */
 #ifdef OPENSSL_DOING_MAKEDEPEND
 /* Include any symbols here that have to be explicitly set to enable a feature
 * that should be visible to makedepend.
 *
 * [Our "make depend" doesn't actually look at this, we use actual build settings
 * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
 */
 #ifndef OPENSSL_FIPS
 #define OPENSSL_FIPS
 #endif
 #endif
 /* Generate 80386 code? */
 #undef I386_ONLY
 #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
 #define ENGINESDIR "/usr/local/ssl/lib/engines"
 #define OPENSSLDIR "/usr/local/ssl"
 #endif
 #endif
 #undef OPENSSL_UNISTD
 #define OPENSSL_UNISTD <unistd.h>
 #if !defined(SWIG)
 #include <unistd.h>
 #endif
 #undef OPENSSL_EXPORT_VAR_AS_FUNCTION
 #if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
 #define IDEA_INT unsigned int
 #endif
 #if defined(HEADER_MD2_H) && !defined(MD2_INT)
 #define MD2_INT unsigned int
 #endif
 #if defined(HEADER_RC2_H) && !defined(RC2_INT)
 /* I need to put in a mod for the alpha - eay */
 #define RC2_INT unsigned int
 #endif
 #if defined(HEADER_RC4_H)
 #if !defined(RC4_INT)
 /* using int types make the structure larger but make the code faster
 * on most boxes I have tested - up to %20 faster. */
 /*
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
 */
 #define RC4_INT unsigned int
 #endif
 #if !defined(RC4_CHUNK)
 /*
 * This enables code handling data aligned at natural CPU word
 * boundary. See crypto/rc4/rc4_enc.c for further details.
 */
 #undef RC4_CHUNK
 #endif
 #endif
 #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
 * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
 #define DES_LONG unsigned long
 #endif
 #endif
 #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
 #define CONFIG_HEADER_BN_H
 #define BN_LLONG
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
 /* The prime number generation stuff may not work when
 * EIGHT_BIT but I don't care since I've only used this mode
 * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
 #undef SIXTEEN_BIT
 #undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
 #define CONFIG_HEADER_RC4_LOCL_H
 /* if this is defined data[i] is used instead of *data, this is a %20
 * speedup on x86 */
 #define RC4_INDEX
 #endif
 #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
 #define CONFIG_HEADER_BF_LOCL_H
 #undef BF_PTR
 #endif /* HEADER_BF_LOCL_H */
 #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
 #define CONFIG_HEADER_DES_LOCL_H
 #ifndef DES_DEFAULT_OPTIONS
 /* the following is tweaked from a config script, that is why it is a
 * protected undef/define */
 #ifndef DES_PTR
 #define DES_PTR
 #endif
 /* This helps C compiler generate the correct code for multiple functional
 * units.  It reduces register dependancies at the expense of 2 more
 * registers */
 #ifndef DES_RISC1
 #define DES_RISC1
 #endif
 #ifndef DES_RISC2
 #undef DES_RISC2
 #endif
 #if defined(DES_RISC1) && defined(DES_RISC2)
 YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
 * Very mucy CPU dependant */
 #ifndef DES_UNROLL
 #define DES_UNROLL
 #endif
 /* These default values were supplied by
 * Peter Gutman <pgut001@cs.auckland.ac.nz>
 * They are only used if nothing else has been defined */
 #if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
 /* Special defines which change the way the code is built depending on the
   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
   even newer MIPS CPU's, but at the moment one size fits all for
   optimization options.  Older Sparc's work better with only UNROLL, but
   there's no way to tell at compile time what it is you're running on */
 #if defined( sun )		/* Newer Sparc's */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #elif defined( __ultrix )	/* Older MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined( __osf1__ )	/* Alpha */
 #  define DES_PTR
 #  define DES_RISC2
 #elif defined ( _AIX )		/* RS6000 */
  /* Unknown */
 #elif defined( __hpux )		/* HP-PA */
  /* Unknown */
 #elif defined( __aux )		/* 68K */
  /* Unknown */
 #elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
 #  define DES_UNROLL
 #elif defined( __sgi )		/* Newer MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #endif /* Systems-specific speed defines */
 #endif
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
--- a/deps/openssl/config/piii/openssl/opensslconf-win32.h
+++ b/deps/openssl/config/piii/openssl/opensslconf-win32.h
@ -0,0 +1,279 @@
 /* opensslconf.h */
 /* WARNING: Generated automatically from opensslconf.h.in by Configure. */
 /* OpenSSL was configured with the following options: */
 #ifndef OPENSSL_SYSNAME_WIN32
 # define OPENSSL_SYSNAME_WIN32
 #endif
 #ifndef OPENSSL_DOING_MAKEDEPEND
 #ifndef OPENSSL_NO_CAMELLIA
 # define OPENSSL_NO_CAMELLIA
 #endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
 #ifndef OPENSSL_NO_CMS
 # define OPENSSL_NO_CMS
 #endif
 #ifndef OPENSSL_NO_FIPS
 # define OPENSSL_NO_FIPS
 #endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
 #ifndef OPENSSL_NO_IDEA
 # define OPENSSL_NO_IDEA
 #endif
 #ifndef OPENSSL_NO_JPAKE
 # define OPENSSL_NO_JPAKE
 #endif
 #ifndef OPENSSL_NO_KRB5
 # define OPENSSL_NO_KRB5
 #endif
 #ifndef OPENSSL_NO_MDC2
 # define OPENSSL_NO_MDC2
 #endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
 #endif
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
 #ifndef OPENSSL_NO_ASM
 # define OPENSSL_NO_ASM
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
 #ifndef OPENSSL_THREADS
 # define OPENSSL_THREADS
 #endif
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 # define OPENSSL_NO_DYNAMIC_ENGINE
 #endif
 /* The OPENSSL_NO_* macros are also defined as NO_* if the application
   asks for it.  This is a transient feature that is provided for those
   who haven't had the time to do the appropriate changes in their
   applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
 # if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
 #  define NO_CAMELLIA
 # endif
 # if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
 #  define NO_CAPIENG
 # endif
 # if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
 #  define NO_CMS
 # endif
 # if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS)
 #  define NO_FIPS
 # endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
 # endif
 # if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
 #  define NO_IDEA
 # endif
 # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
 #  define NO_JPAKE
 # endif
 # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
 #  define NO_KRB5
 # endif
 # if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
 #  define NO_MDC2
 # endif
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
 # endif
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
 # if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
 #  define NO_SEED
 # endif
 #endif
 #define OPENSSL_CPUID_OBJ
 /* crypto/opensslconf.h.in */
 #ifdef OPENSSL_DOING_MAKEDEPEND
 /* Include any symbols here that have to be explicitly set to enable a feature
 * that should be visible to makedepend.
 *
 * [Our "make depend" doesn't actually look at this, we use actual build settings
 * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
 */
 #ifndef OPENSSL_FIPS
 #define OPENSSL_FIPS
 #endif
 #endif
 /* Generate 80386 code? */
 #undef I386_ONLY
 #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
 #define ENGINESDIR "ssl/lib/engines"
 #define OPENSSLDIR "ssl"
 #endif
 #endif
 #undef OPENSSL_UNISTD
 #define OPENSSL_UNISTD <unistd.h>
 #undef OPENSSL_EXPORT_VAR_AS_FUNCTION
 #define OPENSSL_EXPORT_VAR_AS_FUNCTION
 #if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
 #define IDEA_INT unsigned int
 #endif
 #if defined(HEADER_MD2_H) && !defined(MD2_INT)
 #define MD2_INT unsigned int
 #endif
 #if defined(HEADER_RC2_H) && !defined(RC2_INT)
 /* I need to put in a mod for the alpha - eay */
 #define RC2_INT unsigned int
 #endif
 #if defined(HEADER_RC4_H)
 #if !defined(RC4_INT)
 /* using int types make the structure larger but make the code faster
 * on most boxes I have tested - up to %20 faster. */
 /*
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
 */
 #define RC4_INT unsigned int
 #endif
 #if !defined(RC4_CHUNK)
 /*
 * This enables code handling data aligned at natural CPU word
 * boundary. See crypto/rc4/rc4_enc.c for further details.
 */
 #undef RC4_CHUNK
 #endif
 #endif
 #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
 * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
 #define DES_LONG unsigned long
 #endif
 #endif
 #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
 #define CONFIG_HEADER_BN_H
 #define BN_LLONG
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
 /* The prime number generation stuff may not work when
 * EIGHT_BIT but I don't care since I've only used this mode
 * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
 #undef SIXTEEN_BIT
 #undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
 #define CONFIG_HEADER_RC4_LOCL_H
 /* if this is defined data[i] is used instead of *data, this is a %20
 * speedup on x86 */
 #define RC4_INDEX
 #endif
 #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
 #define CONFIG_HEADER_BF_LOCL_H
 #undef BF_PTR
 #endif /* HEADER_BF_LOCL_H */
 #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
 #define CONFIG_HEADER_DES_LOCL_H
 #ifndef DES_DEFAULT_OPTIONS
 /* the following is tweaked from a config script, that is why it is a
 * protected undef/define */
 #ifndef DES_PTR
 #undef DES_PTR
 #endif
 /* This helps C compiler generate the correct code for multiple functional
 * units.  It reduces register dependancies at the expense of 2 more
 * registers */
 #ifndef DES_RISC1
 #undef DES_RISC1
 #endif
 #ifndef DES_RISC2
 #undef DES_RISC2
 #endif
 #if defined(DES_RISC1) && defined(DES_RISC2)
 YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
 * Very mucy CPU dependant */
 #ifndef DES_UNROLL
 #undef DES_UNROLL
 #endif
 /* These default values were supplied by
 * Peter Gutman <pgut001@cs.auckland.ac.nz>
 * They are only used if nothing else has been defined */
 #if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
 /* Special defines which change the way the code is built depending on the
   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
   even newer MIPS CPU's, but at the moment one size fits all for
   optimization options.  Older Sparc's work better with only UNROLL, but
   there's no way to tell at compile time what it is you're running on */
 #if defined( sun )		/* Newer Sparc's */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #elif defined( __ultrix )	/* Older MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined( __osf1__ )	/* Alpha */
 #  define DES_PTR
 #  define DES_RISC2
 #elif defined ( _AIX )		/* RS6000 */
  /* Unknown */
 #elif defined( __hpux )		/* HP-PA */
  /* Unknown */
 #elif defined( __aux )		/* 68K */
  /* Unknown */
 #elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
 #  define DES_UNROLL
 #elif defined( __sgi )		/* Newer MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #endif /* Systems-specific speed defines */
 #endif
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
--- a/deps/openssl/config/piii/openssl/opensslconf.h
+++ b/deps/openssl/config/piii/openssl/opensslconf.h
@ -1,278 +1,5 @@
-/* opensslconf.h */
+#ifdef WIN32
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+#include "opensslconf-win32.h"
-
+#else
-/* OpenSSL was configured with the following options: */
+#include "opensslconf-posix.h"
 #ifndef OPENSSL_DOING_MAKEDEPEND
 #ifndef OPENSSL_NO_CAMELLIA
 # define OPENSSL_NO_CAMELLIA
 #endif
 #ifndef OPENSSL_NO_CAPIENG
 # define OPENSSL_NO_CAPIENG
 #endif
 #ifndef OPENSSL_NO_CMS
 # define OPENSSL_NO_CMS
 #endif
 #ifndef OPENSSL_NO_FIPS
 # define OPENSSL_NO_FIPS
 #endif
 #ifndef OPENSSL_NO_GMP
 # define OPENSSL_NO_GMP
 #endif
 #ifndef OPENSSL_NO_IDEA
 # define OPENSSL_NO_IDEA
 #endif
 #ifndef OPENSSL_NO_JPAKE
 # define OPENSSL_NO_JPAKE
 #endif
 #ifndef OPENSSL_NO_KRB5
 # define OPENSSL_NO_KRB5
 #endif
 #ifndef OPENSSL_NO_MDC2
 # define OPENSSL_NO_MDC2
 #endif
 #ifndef OPENSSL_NO_RC5
 # define OPENSSL_NO_RC5
 #endif
 #ifndef OPENSSL_NO_RFC3779
 # define OPENSSL_NO_RFC3779
 #endif
 #ifndef OPENSSL_NO_SEED
 # define OPENSSL_NO_SEED
 #endif
 #ifndef OPENSSL_NO_ASM
 # define OPENSSL_NO_ASM
 #endif
 #endif /* OPENSSL_DOING_MAKEDEPEND */
 #ifndef OPENSSL_THREADS
 # define OPENSSL_THREADS
 #endif
 #ifndef OPENSSL_NO_DYNAMIC_ENGINE
 # define OPENSSL_NO_DYNAMIC_ENGINE
 #endif
 /* The OPENSSL_NO_* macros are also defined as NO_* if the application
   asks for it.  This is a transient feature that is provided for those
   who haven't had the time to do the appropriate changes in their
   applications.  */
 #ifdef OPENSSL_ALGORITHM_DEFINES
 # if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
 #  define NO_CAMELLIA
 # endif
 # if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
 #  define NO_CAPIENG
 # endif
 # if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
 #  define NO_CMS
 # endif
 # if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS)
 #  define NO_FIPS
 # endif
 # if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
 #  define NO_GMP
 # endif
 # if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
 #  define NO_IDEA
 # endif
 # if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
 #  define NO_JPAKE
 # endif
 # if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
 #  define NO_KRB5
 # endif
 # if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
 #  define NO_MDC2
 # endif
 # if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
 #  define NO_RC5
 # endif
 # if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
 #  define NO_RFC3779
 # endif
 # if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
 #  define NO_SEED
 # endif
 #endif
 #define OPENSSL_CPUID_OBJ
 /* crypto/opensslconf.h.in */
 #ifdef OPENSSL_DOING_MAKEDEPEND
 /* Include any symbols here that have to be explicitly set to enable a feature
 * that should be visible to makedepend.
 *
 * [Our "make depend" doesn't actually look at this, we use actual build settings
 * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
 */
 #ifndef OPENSSL_FIPS
 #define OPENSSL_FIPS
 #endif
 #endif
 /* Generate 80386 code? */
 #undef I386_ONLY
 #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
 #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
 #define ENGINESDIR "/usr/local/ssl/lib/engines"
 #define OPENSSLDIR "/usr/local/ssl"
 #endif
 #endif
 #undef OPENSSL_UNISTD
 #define OPENSSL_UNISTD <unistd.h>
 #if !defined(SWIG)
 #include <unistd.h>
 #endif
 #undef OPENSSL_EXPORT_VAR_AS_FUNCTION
 #if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
 #define IDEA_INT unsigned int
 #endif
 #if defined(HEADER_MD2_H) && !defined(MD2_INT)
 #define MD2_INT unsigned int
 #endif
 #if defined(HEADER_RC2_H) && !defined(RC2_INT)
 /* I need to put in a mod for the alpha - eay */
 #define RC2_INT unsigned int
 #endif
 #if defined(HEADER_RC4_H)
 #if !defined(RC4_INT)
 /* using int types make the structure larger but make the code faster
 * on most boxes I have tested - up to %20 faster. */
 /*
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
 */
 #define RC4_INT unsigned int
 #endif
 #if !defined(RC4_CHUNK)
 /*
 * This enables code handling data aligned at natural CPU word
 * boundary. See crypto/rc4/rc4_enc.c for further details.
 */
 #undef RC4_CHUNK
 #endif
 #endif
 #if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
 /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
 * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
 #define DES_LONG unsigned long
 #endif
 #endif
 #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
 #define CONFIG_HEADER_BN_H
 #define BN_LLONG
 /* Should we define BN_DIV2W here? */
 /* Only one for the following should be defined */
 /* The prime number generation stuff may not work when
 * EIGHT_BIT but I don't care since I've only used this mode
 * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
 #undef SIXTEEN_BIT
 #undef EIGHT_BIT
 #endif
 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
 #define CONFIG_HEADER_RC4_LOCL_H
 /* if this is defined data[i] is used instead of *data, this is a %20
 * speedup on x86 */
 #define RC4_INDEX
 #endif
 #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
 #define CONFIG_HEADER_BF_LOCL_H
 #undef BF_PTR
 #endif /* HEADER_BF_LOCL_H */
 #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
 #define CONFIG_HEADER_DES_LOCL_H
 #ifndef DES_DEFAULT_OPTIONS
 /* the following is tweaked from a config script, that is why it is a
 * protected undef/define */
 #ifndef DES_PTR
 #define DES_PTR
 #endif
 /* This helps C compiler generate the correct code for multiple functional
 * units.  It reduces register dependancies at the expense of 2 more
 * registers */
 #ifndef DES_RISC1
 #define DES_RISC1
 #endif
 #ifndef DES_RISC2
 #undef DES_RISC2
 #endif
 #if defined(DES_RISC1) && defined(DES_RISC2)
 YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
 * Very mucy CPU dependant */
 #ifndef DES_UNROLL
 #define DES_UNROLL
 #endif
 /* These default values were supplied by
 * Peter Gutman <pgut001@cs.auckland.ac.nz>
 * They are only used if nothing else has been defined */
 #if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
 /* Special defines which change the way the code is built depending on the
   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
   even newer MIPS CPU's, but at the moment one size fits all for
   optimization options.  Older Sparc's work better with only UNROLL, but
   there's no way to tell at compile time what it is you're running on */
 #if defined( sun )		/* Newer Sparc's */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #elif defined( __ultrix )	/* Older MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined( __osf1__ )	/* Alpha */
 #  define DES_PTR
 #  define DES_RISC2
 #elif defined ( _AIX )		/* RS6000 */
  /* Unknown */
 #elif defined( __hpux )		/* HP-PA */
  /* Unknown */
 #elif defined( __aux )		/* 68K */
  /* Unknown */
 #elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
 #  define DES_UNROLL
 #elif defined( __sgi )		/* Newer MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #endif /* Systems-specific speed defines */
 #endif
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
--- a/deps/openssl/openssl.gyp
+++ b/deps/openssl/openssl.gyp
@ -8,17 +8,58 @@
      'target_name': 'openssl',
      'type': '<(library)',
      'defines': [
        # ENGINESDIR must be defined if OPENSSLDIR is.
        'ENGINESDIR="/dev/null"',
        'L_ENDIAN',
-        # Set to ubuntu default path for convenience. If necessary, override
+        'OPENSSLDIR="ssl"',
-        # this at runtime with the SSL_CERT_DIR environment variable.
+        'ENGINESDIR="ssl/lib/engines"',
        'OPENSSLDIR="/etc/ssl"',
        'OPENSSL_THREADS',
        'PURIFY',
        'TERMIO',
        '_REENTRANT',
      ],
      'conditions': [
        ['OS=="win"', {
          'defines': [
            'WIN32_LEAN_AND_MEAN',     # needed to avoid some name clashes that break the build.
            'MK1MF_BUILD',             # trick buildinf.h into believing that we're building from nmake
            'MK1MF_PLATFORM_VC_WIN32', # ditto
          ],
        }],
        ['OS=="mac"', {
          'defines': [
            'TERMIOS'
          ],
        }],
        ['OS=="linux"', {
          'defines': [
            'TERMIO',
          ],
        }],
        ['target_arch=="ia32"', {
          'include_dirs': [
            'config/piii',
          ],
          'direct_dependent_settings': {
            'include_dirs': [
              'openssl/include',
              'config/piii',
            ],
          },
        }
        # commented out until we have node producing 64-bit builds.
        #, {
        #  'include_dirs': [
        #    'config/k8',
        #  ],
        #  'direct_dependent_settings': {
        #    'include_dirs': [
        #      'openssl/include',
        #      'config/k8',
        #    ],
        #  },
        #}
        ],
      ],
      'copts': [
        '-w',
        '-Wno-cast-qual',
@ -588,33 +629,6 @@
        'openssl/crypto/evp',
        'openssl/include',
      ],
      'conditions': [
        ['OS=="mac"', {
          'defines!': [ 'TERMIO' ],
          'defines': [ 'TERMIOS' ],
        }],
        ['target_arch=="ia32"', {
          'include_dirs': [
            'config/piii',
          ],
          'direct_dependent_settings': {
            'include_dirs': [
              'openssl/include',
              'config/piii',
            ],
          },
        }, {
          'include_dirs': [
            'config/k8',
          ],
          'direct_dependent_settings': {
            'include_dirs': [
              'openssl/include',
              'config/k8',
            ],
          },
        }],
      ],
    },
  ],
 }
--- a/deps/openssl/openssl/ACKNOWLEDGMENTS
+++ b/deps/openssl/openssl/ACKNOWLEDGMENTS
@ -0,0 +1,25 @@
 The OpenSSL project depends on volunteer efforts and financial support from
 the end user community. That support comes in the form of donations and paid
 sponsorships, software support contracts, paid consulting services
 and commissioned software development.
 Since all these activities support the continued development and improvement
 of OpenSSL we consider all these clients and customers as sponsors of the
 OpenSSL project.
 We would like to identify and thank the following such sponsors for their past
 or current significant support of the OpenSSL project:
 Very significant support:
 	OpenGear: www.opengear.com
 Significant support:
 	PSW Group: www.psw.net
 Please note that we ask permission to identify sponsors and that some sponsors
 we consider eligible for inclusion here have requested to remain anonymous.
 Additional sponsorship or financial support is always welcome: for more
 information please contact the OpenSSL Software Foundation.
--- a/deps/openssl/openssl/CHANGES
+++ b/deps/openssl/openssl/CHANGES
@ -2,8 +2,58 @@
 OpenSSL CHANGES
 _______________
 Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
  *) Fix parsing of OCSP stapling ClientHello extension.  CVE-2011-0014
     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
  *) Fix bug in string printing code: if *any* escaping is enabled we must
     escape the escape character (backslash) or the resulting string is
     ambiguous.
     [Steve Henson]
 Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
  *) Disable code workaround for ancient and obsolete Netscape browsers
     and servers: an attacker can use it in a ciphersuite downgrade attack.
     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
     [Steve Henson]
  *) Fixed J-PAKE implementation error, originally discovered by
     Sebastien Martini, further info and confirmation from Stefan
     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
     [Ben Laurie]
 Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
  *) Fix extension code to avoid race conditions which can result in a buffer
     overrun vulnerability: resumed sessions must not be modified as they can
     be shared by multiple threads. CVE-2010-3864
     [Steve Henson]
  *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
     [Steve Henson]
  *) Don't reencode certificate when calculating signature: cache and use
     the original encoding instead. This makes signature verification of
     some broken encodings work correctly.
     [Steve Henson]
  *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
     is also one of the inputs.
     [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
  *) Don't repeatedly append PBE algorithms to table if they already exist.
     Sort table on each new add. This effectively makes the table read only
     after all algorithms are added and subsequent calls to PKCS12_pbe_add
     etc are non-op.
     [Steve Henson]
 Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
  [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
  OpenSSL 1.0.0.]
  *) Correct a typo in the CMS ASN1 module which can result in invalid memory
     access or freeing data twice (CVE-2010-0742)
     [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
--- a/deps/openssl/openssl/Configure
+++ b/deps/openssl/openssl/Configure
@ -371,6 +371,9 @@ my %table=(
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
 # Android: Linux but without -DTERMIO and pointers to headers and libs.
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### *BSD [do see comment about ${BSDthreads} above!]
 "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/deps/openssl/openssl/FAQ
+++ b/deps/openssl/openssl/FAQ
@ -52,6 +52,9 @@ OpenSSL  -  Frequently Asked Questions
 * Why does the OpenSSL test suite fail in sha512t on x86 CPU?
 * Why does compiler fail to compile sha512.c?
 * Test suite still fails, what to do?
 * I think I've found a bug, what should I do?
 * I'm SURE I've found a bug, how do I report it?
 * I've found a security issue, how do I report it?
 [PROG] Questions about programming with OpenSSL
@ -79,7 +82,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0 was released on Mar 29th, 2010.
+OpenSSL 1.0.0d was released on Feb 8th, 2011.
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@ -131,7 +134,7 @@ OpenSSL.  Information on the OpenSSL mailing lists is available from
 * Where can I get a compiled version of OpenSSL?
 You can finder pointers to binary distributions in
-http://www.openssl.org/related/binaries.html .
+<URL: http://www.openssl.org/related/binaries.html> .
 Some applications that use OpenSSL are distributed in binary form.
 When using such an application, you don't need to install OpenSSL
@ -463,7 +466,7 @@ administrators.
 Other projects do have other policies so you can for example extract the CA
 bundle used by Mozilla and/or modssl as described in this article:
-  http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html
+  <URL: http://www.mail-archive.com/modssl-users@modssl.org/msg16980.html>
 [BUILD] =======================================================================
@ -505,7 +508,7 @@ when you run the test suite (using "make test").  The message returned is
 "bc: 1 not implemented".
 The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
 for download instructions) can be safely used, for example.
@ -516,7 +519,7 @@ that the OpenSSL bntest throws at it.  This gets triggered when you run the
 test suite (using "make test").  The message returned is "bc: stack empty".
 The best way to deal with this is to find another implementation of bc
-and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+and compile/install it.  GNU bc (see <URL: http://www.gnu.org/software/software.html>
 for download instructions) can be safely used, for example.
@ -709,6 +712,46 @@ never make sense, and tend to emerge when you least expect them. In order
 to identify one, drop optimization level, e.g. by editing CFLAG line in
 top-level Makefile, recompile and re-run the test.
 * I think I've found a bug, what should I do?
 If you are a new user then it is quite likely you haven't found a bug and
 something is happening you aren't familiar with. Check this FAQ, the associated
 documentation and the mailing lists for similar queries. If you are still
 unsure whether it is a bug or not submit a query to the openssl-users mailing
 list.
 * I'm SURE I've found a bug, how do I report it?
 Bug reports with no security implications should be sent to the request
 tracker. This can be done by mailing the report to <rt@openssl.org> (or its
 alias <openssl-bugs@openssl.org>), please note that messages sent to the
 request tracker also appear in the public openssl-dev mailing list.
 The report should be in plain text. Any patches should be sent as
 plain text attachments because some mailers corrupt patches sent inline.
 If your issue affects multiple versions of OpenSSL check any patches apply
 cleanly and, if possible include patches to each affected version.
 The report should be given a meaningful subject line briefly summarising the
 issue. Just "bug in OpenSSL" or "bug in OpenSSL 0.9.8n" is not very helpful.
 By sending reports to the request tracker the bug can then be given a priority
 and assigned to the appropriate maintainer. The history of discussions can be
 accessed and if the issue has been addressed or a reason why not. If patches
 are only sent to openssl-dev they can be mislaid if a team member has to
 wade through months of old messages to review the discussion.
 See also <URL: http://www.openssl.org/support/rt.html>
 * I've found a security issue, how do I report it?
 If you think your bug has security implications then please send it to
 openssl-security@openssl.org if you don't get a prompt reply at least 
 acknowledging receipt then resend or mail it directly to one of the
 more active team members (e.g. Steve).
 [PROG] ========================================================================
 * Is OpenSSL thread-safe?
--- a/deps/openssl/openssl/LICENSE
+++ b/deps/openssl/openssl/LICENSE
@ -12,7 +12,7 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/deps/openssl/openssl/Makefile
+++ b/deps/openssl/openssl/Makefile
@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
-VERSION=0.9.8o
+VERSION=0.9.8r
 MAJOR=0
 MINOR=9.8
 SHLIB_VERSION_NUMBER=0.9.8
@ -12,9 +12,9 @@ SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=0
 SHLIB_MINOR=9.8
 SHLIB_EXT=
-PLATFORM=dist
+PLATFORM=VC-WIN32
-OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
+OPTIONS=--prefix=build\debug\lib no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
-CONFIGURE_ARGS=dist
+CONFIGURE_ARGS=VC-WIN32 --prefix=build\debug\lib no-zlib no-zlib-dynamic
 SHLIB_TARGET=
 # HERE indicates where this Makefile lives.  This can be used to indicate
@ -26,10 +26,10 @@ HERE=.
 # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
 # Normally it is left empty.
 INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
+INSTALLTOP=build\debug\lib
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
+OPENSSLDIR=build\debug\lib/build\debug\lib/ssl
 # NO_IDEA - Define to build without the IDEA algorithm
 # NO_RC4  - Define to build without the RC4 algorithm
@ -59,8 +59,8 @@ OPENSSLDIR=/usr/local/ssl
 # equal 4.
 # PKCS1_CHECK - pkcs1 tests.
-CC= cc
+CC= cl
-CFLAG= -O
+CFLAG= -DOPENSSL_THREADS  -DDSO_WIN32 
 DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
 PEX_LIBS= 
 EX_LIBS= 
@ -68,8 +68,8 @@ EXE_EXT=
 ARFLAGS= 
 AR= ar $(ARFLAGS) r
 ARD=ar $(ARFLAGS) d
-RANLIB= /usr/bin/ranlib
+RANLIB= true
-PERL= /usr/bin/perl
+PERL= perl
 TAR= tar
 TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
--- a/deps/openssl/openssl/NEWS
+++ b/deps/openssl/openssl/NEWS
@ -5,6 +5,19 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
      o Fix for security issue CVE-2011-0014
  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
      o Fix for security issue CVE-2010-4180
      o Fix for CVE-2010-4252
  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
      o Fix for security issue CVE-2010-3864.
  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
      o Fix for security issue CVE-2010-0742.
@ -172,6 +185,11 @@
      o Added initial support for Win64.
      o Added alternate pkg-config files.
  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m:
      o FIPS 1.1.1 module linking.
      o Various ciphersuite selection fixes.
  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
--- a/deps/openssl/openssl/PROBLEMS
+++ b/deps/openssl/openssl/PROBLEMS
@ -36,7 +36,9 @@ may differ on your machine.
 As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
+OpenSSL will remain as is. Well, the problem was addressed in 0.9.8f by
 passing -Wl,-search_paths_first, but it's unknown if the flag was
 supported from the initial MacOS X release.
 * Parallell make leads to errors
--- a/deps/openssl/openssl/README
+++ b/deps/openssl/openssl/README
@ -1,7 +1,7 @@
- OpenSSL 0.9.8o 1 Jun 2010
+ OpenSSL 0.9.8r
- Copyright (c) 1998-2009 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.
--- a/deps/openssl/openssl/apps/apps.c
+++ b/deps/openssl/openssl/apps/apps.c
@ -351,13 +351,12 @@ void program_name(char *in, char *out, int size)
 int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
-	int num,len,i;
+	int num,i;
 	char *p;
 	*argc=0;
 	*argv=NULL;
 	len=strlen(buf);
 	i=0;
 	if (arg->count == 0)
 		{
--- a/deps/openssl/openssl/apps/dh.c
+++ b/deps/openssl/openssl/apps/dh.c
@ -88,9 +88,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@ -189,7 +186,7 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	in=BIO_new(BIO_s_file());
--- a/deps/openssl/openssl/apps/dhparam.c
+++ b/deps/openssl/openssl/apps/dhparam.c
@ -149,9 +149,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 #ifndef OPENSSL_NO_DSA
@ -270,7 +267,7 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	if (g && !num)
--- a/deps/openssl/openssl/apps/dsaparam.c
+++ b/deps/openssl/openssl/apps/dsaparam.c
@ -111,9 +111,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
@ -278,7 +275,7 @@ bad:
 		}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	if (need_rand)
@ -357,12 +354,10 @@ bad:
 	if (C)
 		{
 		unsigned char *data;
-		int l,len,bits_p,bits_q,bits_g;
+		int l,len,bits_p;
 		len=BN_num_bytes(dsa->p);
 		bits_p=BN_num_bits(dsa->p);
 		bits_q=BN_num_bits(dsa->q);
 		bits_g=BN_num_bits(dsa->g);
 		data=(unsigned char *)OPENSSL_malloc(len+20);
 		if (data == NULL)
 			{
--- a/deps/openssl/openssl/apps/ec.c
+++ b/deps/openssl/openssl/apps/ec.c
@ -85,9 +85,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 {
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE 	*e = NULL;
 #endif
 	int 	ret = 1;
 	EC_KEY 	*eckey = NULL;
 	const EC_GROUP *group;
@ -254,7 +251,7 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
--- a/deps/openssl/openssl/apps/ecparam.c
+++ b/deps/openssl/openssl/apps/ecparam.c
@ -129,9 +129,6 @@ int MAIN(int argc, char **argv)
 	char	*infile = NULL, *outfile = NULL, *prog;
 	BIO 	*in = NULL, *out = NULL;
 	int 	informat, outformat, noout = 0, C = 0, ret = 1;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE	*e = NULL;
 #endif
 	char	*engine = NULL;
 	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
@ -340,7 +337,7 @@ bad:
 		}
 #ifndef OPENSSL_NO_ENGINE
-	e = setup_engine(bio_err, engine, 0);
+	setup_engine(bio_err, engine, 0);
 #endif
 	if (list_curves)
--- a/deps/openssl/openssl/apps/enc.c
+++ b/deps/openssl/openssl/apps/enc.c
@ -100,9 +100,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	static const char magic[]="Salted__";
 	char mbuf[sizeof magic-1];
 	char *strbuf=NULL;
@ -311,7 +308,7 @@ bad:
 		}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
--- a/deps/openssl/openssl/apps/gendh.c
+++ b/deps/openssl/openssl/apps/gendh.c
@ -89,9 +89,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	BN_GENCB cb;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
@ -163,7 +160,7 @@ bad:
 		}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	out=BIO_new(BIO_s_file());
--- a/deps/openssl/openssl/apps/gendsa.c
+++ b/deps/openssl/openssl/apps/gendsa.c
@ -78,9 +78,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	DSA *dsa=NULL;
 	int ret=1;
 	char *outfile=NULL;
@ -206,7 +203,7 @@ bad:
 		}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
--- a/deps/openssl/openssl/apps/genrsa.c
+++ b/deps/openssl/openssl/apps/genrsa.c
@ -89,9 +89,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 	BN_GENCB cb;
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	int ret=1;
 	int i,num=DEFBITS;
 	long l;
@ -235,7 +232,7 @@ bad:
 	}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	if (outfile == NULL)
--- a/deps/openssl/openssl/apps/pkcs7.c
+++ b/deps/openssl/openssl/apps/pkcs7.c
@ -82,9 +82,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	PKCS7 *p7=NULL;
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@ -180,7 +177,7 @@ bad:
 	ERR_load_crypto_strings();
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	in=BIO_new(BIO_s_file());
--- a/deps/openssl/openssl/apps/rand.c
+++ b/deps/openssl/openssl/apps/rand.c
@ -77,9 +77,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	int i, r, ret = 1;
 	int badopt;
 	char *outfile = NULL;
@ -178,7 +175,7 @@ int MAIN(int argc, char **argv)
 		}
 #ifndef OPENSSL_NO_ENGINE
-        e = setup_engine(bio_err, engine, 0);
+        setup_engine(bio_err, engine, 0);
 #endif
 	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
--- a/deps/openssl/openssl/apps/s_server.c
+++ b/deps/openssl/openssl/apps/s_server.c
@ -2150,12 +2150,14 @@ static int www_body(char *hostname, int s, unsigned char *context)
 	{
 	char *buf=NULL;
 	int ret=1;
-	int i,j,k,blank,dot;
+	int i,j,k,dot;
 	struct stat st_buf;
 	SSL *con;
 	SSL_CIPHER *c;
 	BIO *io,*ssl_bio,*sbio;
 #ifdef RENEG
 	long total_bytes;
 #endif
 	buf=OPENSSL_malloc(bufsize);
 	if (buf == NULL) return(0);
@ -2226,7 +2228,6 @@ static int www_body(char *hostname, int s, unsigned char *context)
 		SSL_set_msg_callback_arg(con, bio_s_out);
 		}
 	blank=0;
 	for (;;)
 		{
 		if (hack)
@ -2466,7 +2467,9 @@ static int www_body(char *hostname, int s, unsigned char *context)
                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
                                }
 			/* send the file */
 #ifdef RENEG
 			total_bytes=0;
 #endif
 			for (;;)
 				{
 				i=BIO_read(file,buf,bufsize);
--- a/deps/openssl/openssl/apps/s_socket.c
+++ b/deps/openssl/openssl/apps/s_socket.c
@ -329,7 +329,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 	{
 	int ret=0;
 	struct sockaddr_in server;
-	int s= -1,i;
+	int s= -1;
 	if (!ssl_sock_init()) return(0);
@ -368,7 +368,6 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 		}
 	/* Make it 128 for linux */
 	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
 	i=0;
 	*sock=s;
 	ret=1;
 err:
@ -386,7 +385,7 @@ static int init_server(int *sock, int port, int type)
 static int do_accept(int acc_sock, int *sock, char **host)
 	{
-	int ret,i;
+	int ret;
 	struct hostent *h1,*h2;
 	static struct sockaddr_in from;
 	int len;
@ -409,6 +408,7 @@ redoit:
 	if (ret == INVALID_SOCKET)
 		{
 #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 		int i;
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
@ -463,7 +463,6 @@ redoit:
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			return(0);
 			}
 		i=0;
 		if (h2->h_addrtype != AF_INET)
 			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
--- a/deps/openssl/openssl/apps/speed.c
+++ b/deps/openssl/openssl/apps/speed.c
@ -500,9 +500,6 @@ int MAIN(int, char **);
 int MAIN(int argc, char **argv)
 	{
 #ifndef OPENSSL_NO_ENGINE
 	ENGINE *e = NULL;
 #endif
 	unsigned char *buf=NULL,*buf2=NULL;
 	int mret=1;
 	long count=0,save_count=0;
@ -593,7 +590,6 @@ int MAIN(int argc, char **argv)
 	unsigned char DES_iv[8];
 	unsigned char iv[2*MAX_BLOCK_SIZE/8];
 #ifndef OPENSSL_NO_DES
 	DES_cblock *buf_as_des_cblock = NULL;
 	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
 	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
 	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
@ -806,9 +802,6 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
 #ifndef OPENSSL_NO_DES
 	buf_as_des_cblock = (DES_cblock *)buf;
 #endif
 	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
@ -883,7 +876,7 @@ int MAIN(int argc, char **argv)
 				BIO_printf(bio_err,"no engine given\n");
 				goto end;
 				}
-                        e = setup_engine(bio_err, *argv, 0);
+                        setup_engine(bio_err, *argv, 0);
 			/* j will be increased again further down.  We just
 			   don't want speed to confuse an engine with an
 			   algorithm, especially when none is given (which
@ -1388,7 +1381,8 @@ int MAIN(int argc, char **argv)
 		count*=2;
 		Time_F(START);
 		for (it=count; it; it--)
-			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+			DES_ecb_encrypt((DES_cblock *)buf,
 				(DES_cblock *)buf,
 				&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);
--- a/deps/openssl/openssl/apps/x509.c
+++ b/deps/openssl/openssl/apps/x509.c
@ -539,7 +539,6 @@ bad:
 	if (reqfile)
 		{
 		EVP_PKEY *pkey;
 		X509_CINF *ci;
 		BIO *in;
 		if (!sign_flag && !CA_flag)
@ -607,7 +606,6 @@ bad:
 		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
 		if (sno == NULL)
 			{
--- a/deps/openssl/openssl/crypto/aes/aes_wrap.c
+++ b/deps/openssl/openssl/crypto/aes/aes_wrap.c
@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
 			A[7] ^= (unsigned char)(t & 0xff);
 			if (t > 0xff)	
 				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
+				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
+				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
+				A[4] ^= (unsigned char)((t >> 24) & 0xff);
 				}
 			memcpy(R, B + 8, 8);
 			}
@ -119,9 +119,9 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
 			A[7] ^= (unsigned char)(t & 0xff);
 			if (t > 0xff)	
 				{
-				A[6] ^= (unsigned char)((t & 0xff) >> 8);
+				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t & 0xff) >> 16);
+				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t & 0xff) >> 24);
+				A[4] ^= (unsigned char)((t >> 24) & 0xff);
 				}
 			memcpy(B + 8, R, 8);
 			AES_decrypt(B, B, key);
--- a/deps/openssl/openssl/crypto/asn1/a_int.c
+++ b/deps/openssl/openssl/crypto/asn1/a_int.c
@ -273,7 +273,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
 	{
 	ASN1_INTEGER *ret=NULL;
 	const unsigned char *p;
-	unsigned char *to,*s;
+	unsigned char *s;
 	long len;
 	int inf,tag,xclass;
 	int i;
@ -308,7 +308,6 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
 		i=ERR_R_MALLOC_FAILURE;
 		goto err;
 		}
 	to=s;
 	ret->type=V_ASN1_INTEGER;
 	if(len) {
 		if ((*p == 0) && (len != 1))
--- a/deps/openssl/openssl/crypto/asn1/a_strex.c
+++ b/deps/openssl/openssl/crypto/asn1/a_strex.c
@ -74,6 +74,11 @@
 #define CHARTYPE_BS_ESC		(ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
 #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
 		  ASN1_STRFLGS_ESC_QUOTE | \
 		  ASN1_STRFLGS_ESC_CTRL | \
 		  ASN1_STRFLGS_ESC_MSB)
 /* Three IO functions for sending data to memory, a BIO and
 * and a FILE pointer.
@ -148,6 +153,13 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch
 		if(!io_ch(arg, tmphex, 3)) return -1;
 		return 3;
 	}
 	/* If we get this far and do any escaping at all must escape 
 	 * the escape character itself: backslash.
 	 */
 	if (chtmp == '\\' && flags & ESC_FLAGS) {
 		if(!io_ch(arg, "\\\\", 2)) return -1;
 		return 2;
 	}
 	if(!io_ch(arg, &chtmp, 1)) return -1;
 	return 1;
 }
@ -292,11 +304,6 @@ static const signed char tag2nbyte[] = {
 	4, -1, 2		/* 28-30 */
 };
 #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
 		  ASN1_STRFLGS_ESC_QUOTE | \
 		  ASN1_STRFLGS_ESC_CTRL | \
 		  ASN1_STRFLGS_ESC_MSB)
 /* This is the main function, print out an
 * ASN1_STRING taking note of various escape
 * and display options. Returns number of
--- a/deps/openssl/openssl/crypto/asn1/a_strnid.c
+++ b/deps/openssl/openssl/crypto/asn1/a_strnid.c
@ -96,7 +96,7 @@ unsigned long ASN1_STRING_get_default_mask(void)
 * default:   the default value, Printable, T61, BMP.
 */
-int ASN1_STRING_set_default_mask_asc(char *p)
+int ASN1_STRING_set_default_mask_asc(const char *p)
 {
 	unsigned long mask;
 	char *end;
--- a/deps/openssl/openssl/crypto/asn1/asn1.h
+++ b/deps/openssl/openssl/crypto/asn1/asn1.h
@ -1051,7 +1051,7 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(char *p);
+int ASN1_STRING_set_default_mask_asc(const char *p);
 unsigned long ASN1_STRING_get_default_mask(void);
 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
 					int inform, unsigned long mask);
--- a/deps/openssl/openssl/crypto/asn1/n_pkey.c
+++ b/deps/openssl/openssl/crypto/asn1/n_pkey.c
@ -242,7 +242,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
 		 int sgckey)
 	{
 	RSA *ret=NULL;
-	const unsigned char *p, *kp;
+	const unsigned char *p;
 	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
 	p = *pp;
@ -265,7 +265,6 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
 		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
 		goto err;
 	}
 	kp = enckey->enckey->digest->data;
 	if (cb == NULL)
 		cb=EVP_read_pw_string;
 	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
--- a/deps/openssl/openssl/crypto/asn1/t_crl.c
+++ b/deps/openssl/openssl/crypto/asn1/t_crl.c
@ -87,7 +87,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	STACK_OF(X509_REVOKED) *rev;
 	X509_REVOKED *r;
 	long l;
-	int i, n;
+	int i;
 	char *p;
 	BIO_printf(out, "Certificate Revocation List (CRL):\n");
@ -107,7 +107,6 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
 	else BIO_printf(out,"NONE");
 	BIO_printf(out,"\n");
 	n=X509_CRL_get_ext_count(x);
 	X509V3_extensions_print(out, "CRL extensions",
 						x->crl->extensions, 0, 8);
--- a/deps/openssl/openssl/crypto/asn1/tasn_dec.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_dec.c
@ -166,7 +166,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 	int i;
 	int otag;
 	int ret = 0;
-	ASN1_VALUE *pchval, **pchptr, *ptmpval;
+	ASN1_VALUE **pchptr, *ptmpval;
 	if (!pval)
 		return 0;
 	if (aux && aux->asn1_cb)
@ -317,7 +317,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 			goto err;
 			}
 		/* CHOICE type, try each possibility in turn */
 		pchval = NULL;
 		p = *in;
 		for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
 			{
--- a/deps/openssl/openssl/crypto/asn1/x_x509.c
+++ b/deps/openssl/openssl/crypto/asn1/x_x509.c
@ -63,7 +63,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-ASN1_SEQUENCE(X509_CINF) = {
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
 	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
 	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
 	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
@ -74,7 +74,7 @@ ASN1_SEQUENCE(X509_CINF) = {
 	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
 	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
 	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END(X509_CINF)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */
--- a/deps/openssl/openssl/crypto/bio/bf_nbio.c
+++ b/deps/openssl/openssl/crypto/bio/bf_nbio.c
@ -125,7 +125,6 @@ static int nbiof_free(BIO *a)
 static int nbiof_read(BIO *b, char *out, int outl)
 	{
 	NBIO_TEST *nt;
 	int ret=0;
 #if 1
 	int num;
@ -134,7 +133,6 @@ static int nbiof_read(BIO *b, char *out, int outl)
 	if (out == NULL) return(0);
 	if (b->next_bio == NULL) return(0);
 	nt=(NBIO_TEST *)b->ptr;
 	BIO_clear_retry_flags(b);
 #if 1
--- a/deps/openssl/openssl/crypto/bio/bio_lib.c
+++ b/deps/openssl/openssl/crypto/bio/bio_lib.c
@ -110,7 +110,7 @@ int BIO_set(BIO *bio, BIO_METHOD *method)
 int BIO_free(BIO *a)
 	{
-	int ret=0,i;
+	int i;
 	if (a == NULL) return(0);
@ -133,7 +133,7 @@ int BIO_free(BIO *a)
 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
-	ret=a->method->destroy(a);
+	a->method->destroy(a);
 	OPENSSL_free(a);
 	return(1);
 	}
--- a/deps/openssl/openssl/crypto/bio/bss_acpt.c
+++ b/deps/openssl/openssl/crypto/bio/bss_acpt.c
@ -340,7 +340,6 @@ static int acpt_write(BIO *b, const char *in, int inl)
 static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	BIO *dbio;
 	int *ip;
 	long ret=1;
 	BIO_ACCEPT *data;
@ -437,8 +436,8 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 		ret=(long)data->bind_mode;
 		break;
 	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
+/*		dbio=(BIO *)ptr;
-/*		if (data->param_port) EAY EAY
+		if (data->param_port) EAY EAY
 			BIO_set_port(dbio,data->param_port);
 		if (data->param_hostname)
 			BIO_set_hostname(dbio,data->param_hostname);
--- a/deps/openssl/openssl/crypto/bn/bn_exp2.c
+++ b/deps/openssl/openssl/crypto/bn/bn_exp2.c
@ -301,7 +301,8 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 			r_is_one = 0;
 			}
 		}
-	BN_from_montgomery(rr,r,mont,ctx);
+	if (!BN_from_montgomery(rr,r,mont,ctx))
 		goto err;
 	ret=1;
 err:
 	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
--- a/deps/openssl/openssl/crypto/bn/bn_mul.c
+++ b/deps/openssl/openssl/crypto/bn/bn_mul.c
@ -551,7 +551,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 	     int tna, int tnb, BN_ULONG *t)
 	{
 	int i,j,n2=n*2;
-	int c1,c2,neg,zero;
+	int c1,c2,neg;
 	BN_ULONG ln,lo,*p;
 # ifdef BN_COUNT
@ -567,7 +567,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
 	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
 	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
-	zero=neg=0;
+	neg=0;
 	switch (c1*3+c2)
 		{
 	case -4:
@ -575,7 +575,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
 		break;
 	case -3:
 		zero=1;
 		/* break; */
 	case -2:
 		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
@ -585,7 +584,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 	case -1:
 	case 0:
 	case 1:
 		zero=1;
 		/* break; */
 	case 2:
 		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
@ -593,7 +591,6 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
 		neg=1;
 		break;
 	case 3:
 		zero=1;
 		/* break; */
 	case 4:
 		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
@ -1012,7 +1009,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 		{
 		if (i >= -1 && i <= 1)
 			{
 			int sav_j =0;
 			/* Find out the power of two lower or equal
 			   to the longest of the two numbers */
 			if (i >= 0)
@ -1023,7 +1019,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 				{
 				j = BN_num_bits_word((BN_ULONG)bl);
 				}
 			sav_j = j;
 			j = 1<<(j-1);
 			assert(j <= al || j <= bl);
 			k = j+j;
--- a/deps/openssl/openssl/crypto/comp/c_rle.c
+++ b/deps/openssl/openssl/crypto/comp/c_rle.c
@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
 	{
 	int i;
-	if (olen < (ilen-1))
+	if (ilen == 0 || olen < (ilen-1))
 		{
 		/* ZZZZZZZZZZZZZZZZZZZZZZ */
 		return(-1);
@ -59,4 +59,3 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
 		}
 	return(ilen-1);
 	}
--- a/deps/openssl/openssl/crypto/conf/conf_def.c
+++ b/deps/openssl/openssl/crypto/conf/conf_def.c
@ -213,13 +213,14 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 	int bufnum=0,i,ii;
 	BUF_MEM *buff=NULL;
 	char *s,*p,*end;
-	int again,n;
+	int again;
 	long eline=0;
 	char btmp[DECIMAL_SIZE(eline)+1];
 	CONF_VALUE *v=NULL,*tv;
 	CONF_VALUE *sv=NULL;
 	char *section=NULL,*buf;
-	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+/*	STACK_OF(CONF_VALUE) *section_sk=NULL;*/
 /*	STACK_OF(CONF_VALUE) *ts=NULL;*/
 	char *start,*psection,*pname;
 	void *h = (void *)(conf->data);
@ -250,7 +251,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 		goto err;
 		}
-	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+/*	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
 	bufnum=0;
 	again=0;
@ -309,7 +310,6 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 		buf=buff->data;
 		clear_comments(conf, buf);
 		n=strlen(buf);
 		s=eat_ws(conf, buf);
 		if (IS_EOF(conf,*s)) continue; /* blank line */
 		if (*s == '[')
@ -343,7 +343,7 @@ again:
 					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 				goto err;
 				}
-			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+/*			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
 			continue;
 			}
 		else
@ -406,12 +406,12 @@ again:
 					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
 					goto err;
 					}
-				ts=(STACK_OF(CONF_VALUE) *)tv->value;
+/*				ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
 				}
 			else
 				{
 				tv=sv;
-				ts=section_sk;
+/*				ts=section_sk;*/
 				}
 #if 1
 			if (_CONF_add_string(conf, tv, v) == 0)
@ -465,9 +465,6 @@ err:
 static void clear_comments(CONF *conf, char *p)
 	{
 	char *to;
 	to=p;
 	for (;;)
 		{
 		if (IS_FCOMMENT(conf,*p))
--- a/deps/openssl/openssl/crypto/dsa/dsa_gen.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_gen.c
@ -110,7 +110,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
 	BIGNUM *r0,*W,*X,*c,*test;
 	BIGNUM *g=NULL,*q=NULL,*p=NULL;
 	BN_MONT_CTX *mont=NULL;
-	int k,n=0,i,b,m=0;
+	int k,n=0,i,m=0;
 	int counter=0;
 	int r=0;
 	BN_CTX *ctx=NULL;
@ -211,7 +211,6 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
 		/* "offset = 2" */
 		n=(bits-1)/160;
 		b=(bits-1)-n*160;
 		for (;;)
 			{
--- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
@ -178,7 +178,8 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
 	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
 	if (BN_cmp(s,dsa->q) > 0)
-		BN_sub(s,s,dsa->q);
+		if (!BN_sub(s,s,dsa->q))
 			goto err;
 	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
 	ret=DSA_SIG_new();
--- a/deps/openssl/openssl/crypto/ec/ec2_mult.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_mult.c
@ -318,6 +318,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	int ret = 0;
 	size_t i;
 	EC_POINT *p=NULL;
 	EC_POINT *acc = NULL;
 	if (ctx == NULL)
 		{
@ -337,15 +338,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 		}
 	if ((p = EC_POINT_new(group)) == NULL) goto err;
 	if ((acc = EC_POINT_new(group)) == NULL) goto err;
-	if (!EC_POINT_set_to_infinity(group, r)) goto err;
+	if (!EC_POINT_set_to_infinity(group, acc)) goto err;
 	if (scalar)
 		{
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
 		if (BN_is_negative(scalar))
 			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
 		}
 	for (i = 0; i < num; i++)
@ -353,13 +355,16 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
 		if (BN_is_negative(scalars[i]))
 			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
 		}
 	if (!EC_POINT_copy(r, acc)) goto err;
 	ret = 1;
  err:
 	if (p) EC_POINT_free(p);
 	if (acc) EC_POINT_free(acc);
 	if (new_ctx != NULL)
 		BN_CTX_free(new_ctx);
 	return ret;
--- a/deps/openssl/openssl/crypto/ec/ec2_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
@ -872,6 +872,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT
 		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
 		}
 	if (EC_POINT_is_at_infinity(group, b))
 		return 1;
 	if (a->Z_is_one && b->Z_is_one)
 		{
 		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
--- a/deps/openssl/openssl/crypto/ec/ec_key.c
+++ b/deps/openssl/openssl/crypto/ec/ec_key.c
@ -305,6 +305,12 @@ int EC_KEY_check_key(const EC_KEY *eckey)
 		return 0;
 		}
 	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
 		{
 		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
 		goto err;
 		}
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 	if ((point = EC_POINT_new(eckey->group)) == NULL)
--- a/deps/openssl/openssl/crypto/ec/ec_mult.c
+++ b/deps/openssl/openssl/crypto/ec/ec_mult.c
@ -169,11 +169,13 @@ static void ec_pre_comp_clear_free(void *pre_)
 		EC_POINT **p;
 		for (p = pre->points; *p != NULL; p++)
 			{
 			EC_POINT_clear_free(*p);
-		OPENSSL_cleanse(pre->points, sizeof pre->points);
+			OPENSSL_cleanse(p, sizeof *p);
 			}
 		OPENSSL_free(pre->points);
 		}
-	OPENSSL_cleanse(pre, sizeof pre);
+	OPENSSL_cleanse(pre, sizeof *pre);
 	OPENSSL_free(pre);
 	}
--- a/deps/openssl/openssl/crypto/ec/ecp_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_smpl.c
@ -1407,6 +1407,9 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *
 		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
 		}
 	if (EC_POINT_is_at_infinity(group, b))
 		return 1;
 	if (a->Z_is_one && b->Z_is_one)
 		{
 		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
--- a/deps/openssl/openssl/crypto/ecdh/ech_lib.c
+++ b/deps/openssl/openssl/crypto/ecdh/ech_lib.c
@ -96,7 +96,6 @@ const ECDH_METHOD *ECDH_get_default_method(void)
 int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
 	{
 	const ECDH_METHOD *mtmp;
 	ECDH_DATA *ecdh;
 	ecdh = ecdh_check(eckey);
@ -104,11 +103,6 @@ int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
 	if (ecdh == NULL)
 		return 0;
        mtmp = ecdh->meth;
 #if 0
        if (mtmp->finish)
 		mtmp->finish(eckey);
 #endif
 #ifndef OPENSSL_NO_ENGINE
 	if (ecdh->engine)
 		{
--- a/deps/openssl/openssl/crypto/ecdsa/ecs_lib.c
+++ b/deps/openssl/openssl/crypto/ecdsa/ecs_lib.c
@ -83,7 +83,6 @@ const ECDSA_METHOD *ECDSA_get_default_method(void)
 int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
 {
        const ECDSA_METHOD *mtmp;
 	ECDSA_DATA *ecdsa;
 	ecdsa = ecdsa_check(eckey);
@ -91,7 +90,6 @@ int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
 	if (ecdsa == NULL)
 		return 0;
        mtmp = ecdsa->meth;
 #ifndef OPENSSL_NO_ENGINE
 	if (ecdsa->engine)
 	{
--- a/deps/openssl/openssl/crypto/evp/enc_min.c
+++ b/deps/openssl/openssl/crypto/evp/enc_min.c
@ -279,6 +279,7 @@ skip_to_init:
 			case EVP_CIPH_OFB_MODE:
 			ctx->num = 0;
 			/* fall-through */
 			case EVP_CIPH_CBC_MODE:
--- a/deps/openssl/openssl/crypto/evp/encode.c
+++ b/deps/openssl/openssl/crypto/evp/encode.c
@ -235,7 +235,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
 int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 	     const unsigned char *in, int inl)
 	{
-	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
+	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
 	unsigned char *d;
 	n=ctx->num;
@ -319,7 +319,6 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 			 * lines.  We process the line and then need to
 			 * accept the '\n' */
 			if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
 			tmp2=v;
 			if (n > 0)
 				{
 				v=EVP_DecodeBlock(out,d,n);
--- a/deps/openssl/openssl/crypto/evp/evp_pbe.c
+++ b/deps/openssl/openssl/crypto/evp/evp_pbe.c
@ -116,17 +116,50 @@ static int pbe_cmp(const char * const *a, const char * const *b)
 int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
 	     EVP_PBE_KEYGEN *keygen)
 {
-	EVP_PBE_CTL *pbe_tmp;
+	EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
-	if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
+	int i;
-	if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
+	if (!pbe_algs)
-		EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+		{
-		return 0;
+		pbe_algs = sk_new(pbe_cmp);
-	}
+		if (!pbe_algs)
-	pbe_tmp->pbe_nid = nid;
+			{
 			EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 			}
 		}
 	else
 		{
 		/* Check if already present */
 		pbelu.pbe_nid = nid;
 		i = sk_find(pbe_algs, (char *)&pbelu);
 		if (i >= 0)
 			{
 			pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
 			/* If everything identical leave alone */
 			if (pbe_tmp->cipher == cipher
 				&& pbe_tmp->md == md
 				&& pbe_tmp->keygen == keygen)
 				return 1;
 			}
 		}
 	if (!pbe_tmp)
 		{
 		pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL));
 		if (!pbe_tmp)
 			{
 			EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
 			return 0;
 			}
 		/* If adding a new PBE, set nid, append and sort */
 		pbe_tmp->pbe_nid = nid;
 		sk_push (pbe_algs, (char *)pbe_tmp);
 		sk_sort(pbe_algs);
 		}
 	pbe_tmp->cipher = cipher;
 	pbe_tmp->md = md;
 	pbe_tmp->keygen = keygen;
 	sk_push (pbe_algs, (char *)pbe_tmp);
 	return 1;
 }
--- a/deps/openssl/openssl/crypto/evp/p_sign.c
+++ b/deps/openssl/openssl/crypto/evp/p_sign.c
@ -81,7 +81,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
 	int i,ok=0,v;
-	MS_STATIC EVP_MD_CTX tmp_ctx;
+	EVP_MD_CTX tmp_ctx;
 	*siglen=0;
 	for (i=0; i<4; i++)
--- a/deps/openssl/openssl/crypto/evp/p_verify.c
+++ b/deps/openssl/openssl/crypto/evp/p_verify.c
@ -68,7 +68,7 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
 	int i,ok=0,v;
-	MS_STATIC EVP_MD_CTX tmp_ctx;
+	EVP_MD_CTX tmp_ctx;
 	for (i=0; i<4; i++)
 		{
--- a/deps/openssl/openssl/crypto/hmac/hmac.c
+++ b/deps/openssl/openssl/crypto/hmac/hmac.c
@ -130,12 +130,9 @@ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 	{
 	int j;
 	unsigned int i;
 	unsigned char buf[EVP_MAX_MD_SIZE];
 	j=EVP_MD_block_size(ctx->md);
 	EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
 	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
 	EVP_DigestUpdate(&ctx->md_ctx,buf,i);
--- a/deps/openssl/openssl/crypto/jpake/jpake.c
+++ b/deps/openssl/openssl/crypto/jpake/jpake.c
@ -283,23 +283,53 @@ int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
    return 1;
    }
 /* g^x is a legal value */
 static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
    {
    BIGNUM *t;
    int res;
    if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
 	return 0;
    t = BN_new();
    BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
    res = BN_is_one(t);
    BN_free(t);
    return res;
    }
 int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
    {
-   /* verify their ZKP(xc) */
+    if(!is_legal(received->p1.gx, ctx))
 	{
 	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
 	return 0;
 	}
    if(!is_legal(received->p2.gx, ctx))
 	{
 	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
 	return 0;
 	}
    /* verify their ZKP(xc) */
    if(!verify_zkp(&received->p1, ctx->p.g, ctx))
 	{
 	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
 	return 0;
 	}
-   /* verify their ZKP(xd) */
+    /* verify their ZKP(xd) */
    if(!verify_zkp(&received->p2, ctx->p.g, ctx))
 	{
 	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
 	return 0;
 	}
-   /* g^xd != 1 */
+    /* g^xd != 1 */
    if(BN_is_one(received->p2.gx))
 	{
 	JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
--- a/deps/openssl/openssl/crypto/jpake/jpake.h
+++ b/deps/openssl/openssl/crypto/jpake/jpake.h
@ -115,6 +115,8 @@ void ERR_load_JPAKE_strings(void);
 #define JPAKE_F_VERIFY_ZKP				 100
 /* Reason codes. */
 #define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL		 108
 #define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL		 109
 #define JPAKE_R_G_TO_THE_X4_IS_ONE			 105
 #define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH		 106
 #define JPAKE_R_HASH_OF_KEY_MISMATCH			 107
--- a/deps/openssl/openssl/crypto/jpake/jpake_err.c
+++ b/deps/openssl/openssl/crypto/jpake/jpake_err.c
@ -1,6 +1,6 @@
 /* crypto/jpake/jpake_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@ -80,6 +80,8 @@ static ERR_STRING_DATA JPAKE_str_functs[]=
 static ERR_STRING_DATA JPAKE_str_reasons[]=
 	{
 {ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
 {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE)  ,"g to the x4 is one"},
 {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
 {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
--- a/deps/openssl/openssl/crypto/md2/md2.h
+++ b/deps/openssl/openssl/crypto/md2/md2.h
@ -72,8 +72,6 @@
 extern "C" {
 #endif
 #include <stddef.h>
 typedef struct MD2state_st
 	{
 	unsigned int num;
--- a/deps/openssl/openssl/crypto/md4/md4.h
+++ b/deps/openssl/openssl/crypto/md4/md4.h
@ -66,8 +66,6 @@
 extern "C" {
 #endif
 #include <stddef.h>
 #ifdef OPENSSL_NO_MD4
 #error MD4 is disabled.
 #endif
--- a/deps/openssl/openssl/crypto/md5/md5.h
+++ b/deps/openssl/openssl/crypto/md5/md5.h
@ -66,8 +66,6 @@
 extern "C" {
 #endif
 #include <stddef.h>
 #ifdef OPENSSL_NO_MD5
 #error MD5 is disabled.
 #endif
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_ht.c
@ -371,11 +371,12 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 		case OHS_ASN1_HEADER:
-		/* Now reading ASN1 header: can read at least 6 bytes which
+		/* Now reading ASN1 header: can read at least 2 bytes which
-		 * is more than enough for any valid ASN1 SEQUENCE header
+		 * is enough for ASN1 SEQUENCE header and either length field
 		 * or at least the length of the length field.
 		 */
 		n = BIO_get_mem_data(rctx->mem, &p);
-		if (n < 6)
+		if (n < 2)
 			goto next_io;
 		/* Check it is an ASN1 SEQUENCE */
@ -388,6 +389,11 @@ int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
 		/* Check out length field */
 		if (*p & 0x80)
 			{
 			/* If MSB set on initial length octet we can now
 			 * always read 6 octets: make sure we have them.
 			 */
 			if (n < 6)
 				goto next_io;
 			n = *p & 0x7F;
 			/* Not NDEF or excessive length */
 			if (!n || (n > 4))
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_prn.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_prn.c
@ -182,7 +182,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
        {
 	int i, ret = 0;
 	long l;
 	unsigned char *p;
 	OCSP_CERTID *cid = NULL;
 	OCSP_BASICRESP *br = NULL;
 	OCSP_RESPID *rid = NULL;
@ -207,7 +206,6 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
 		return 1;
 		}
 	p = ASN1_STRING_data(rb->response);
 	i = ASN1_STRING_length(rb->response);
 	if (!(br = OCSP_response_get1_basic(o))) goto err;
 	rd = br->tbsResponseData;
--- a/deps/openssl/openssl/crypto/opensslv.h
+++ b/deps/openssl/openssl/crypto/opensslv.h
@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER	0x009080ffL
+#define OPENSSL_VERSION_NUMBER	0x0090812fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8o-fips 01 Jun 2010"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8r-fips 8 Feb 2011"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8o 01 Jun 2010"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8r 8 Feb 2011"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
--- a/deps/openssl/openssl/crypto/pem/pem_lib.c
+++ b/deps/openssl/openssl/crypto/pem/pem_lib.c
@ -434,7 +434,6 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
 int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
 	{
 	int o;
 	const EVP_CIPHER *enc=NULL;
 	char *p,c;
 	char **header_pp = &header;
@ -474,7 +473,6 @@ int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
 		header++;
 		}
 	*header='\0';
 	o=OBJ_sn2nid(p);
 	cipher->cipher=enc=EVP_get_cipherbyname(p);
 	*header=c;
 	header++;
--- a/deps/openssl/openssl/crypto/pkcs12/p12_key.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_key.c
@ -110,6 +110,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	unsigned char *B, *D, *I, *p, *Ai;
 	int Slen, Plen, Ilen, Ijlen;
 	int i, j, u, v;
 	int ret = 0;
 	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
 	EVP_MD_CTX ctx;
 #ifdef  DEBUG_KEYGEN
@ -145,10 +146,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 	I = OPENSSL_malloc (Ilen);
 	Ij = BN_new();
 	Bpl1 = BN_new();
-	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
+	if (!D || !Ai || !B || !I || !Ij || !Bpl1)
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+		goto err;
 		return 0;
 	}
 	for (i = 0; i < v; i++) D[i] = id;
 	p = I;
 	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
@ -165,28 +164,22 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 		}
 		memcpy (out, Ai, min (n, u));
 		if (u >= n) {
 			OPENSSL_free (Ai);
 			OPENSSL_free (B);
 			OPENSSL_free (D);
 			OPENSSL_free (I);
 			BN_free (Ij);
 			BN_free (Bpl1);
 			EVP_MD_CTX_cleanup(&ctx);
 #ifdef DEBUG_KEYGEN
 			fprintf(stderr, "Output KEY (length %d)\n", tmpn);
 			h__dump(tmpout, tmpn);
 #endif
-			return 1;	
+			ret = 1;
 			goto end;
 		}
 		n -= u;
 		out += u;
 		for (j = 0; j < v; j++) B[j] = Ai[j % u];
 		/* Work out B + 1 first then can use B as tmp space */
-		BN_bin2bn (B, v, Bpl1);
+		if (!BN_bin2bn (B, v, Bpl1)) goto err;
-		BN_add_word (Bpl1, 1);
+		if (!BN_add_word (Bpl1, 1)) goto err;
 		for (j = 0; j < Ilen ; j+=v) {
-			BN_bin2bn (I + j, v, Ij);
+			if (!BN_bin2bn (I + j, v, Ij)) goto err;
-			BN_add (Ij, Ij, Bpl1);
+			if (!BN_add (Ij, Ij, Bpl1)) goto err;
 			BN_bn2bin (Ij, B);
 			Ijlen = BN_num_bytes (Ij);
 			/* If more than 2^(v*8) - 1 cut off MSB */
@ -202,6 +195,19 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
 			} else BN_bn2bin (Ij, I + j);
 		}
 	}
 err:
 	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
 end:
 	OPENSSL_free (Ai);
 	OPENSSL_free (B);
 	OPENSSL_free (D);
 	OPENSSL_free (I);
 	BN_free (Ij);
 	BN_free (Bpl1);
 	EVP_MD_CTX_cleanup(&ctx);
 	return ret;
 }
 #ifdef DEBUG_KEYGEN
 void h__dump (unsigned char *p, int len)
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
@ -342,7 +342,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 	X509_ALGOR *enc_alg=NULL;
 	STACK_OF(X509_ALGOR) *md_sk=NULL;
 	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
 	X509_ALGOR *xalg=NULL;
 	PKCS7_RECIP_INFO *ri=NULL;
 	i=OBJ_obj2nid(p7->type);
@ -365,7 +364,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
 			goto err;
 			}
 		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
 		break;
 	case NID_pkcs7_enveloped:
 		rsk=p7->d.enveloped->recipientinfo;
@ -377,7 +375,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
 			goto err;
 			}
 		xalg=p7->d.enveloped->enc_data->algorithm;
 		break;
 	default:
 		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_lib.c
@ -558,7 +558,6 @@ X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 	{
 	int i;
 	ASN1_OBJECT *objtmp;
 	PKCS7_ENC_CONTENT *ec;
 	i=OBJ_obj2nid(p7->type);
@ -581,7 +580,6 @@ int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
 		return(0);
 	}
 	objtmp = OBJ_nid2obj(i);
 	ec->cipher = cipher;
 	return 1;
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_mime.c
@ -73,7 +73,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
 	{
 	PKCS7 *p7 = (PKCS7 *)val;
 	BIO *tmpbio, *p7bio;
 	int r = 0;
 	if (!(flags & SMIME_DETACHED))
 		{
@ -95,8 +94,6 @@ static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
 	if (PKCS7_dataFinal(p7, p7bio) <= 0)
 		goto err;
 	r = 1;
 	err:
 	/* Now remove any digests prepended to the BIO */
--- a/deps/openssl/openssl/crypto/pqueue/pqueue.c
+++ b/deps/openssl/openssl/crypto/pqueue/pqueue.c
@ -166,14 +166,13 @@ pqueue_pop(pqueue_s *pq)
 pitem *
 pqueue_find(pqueue_s *pq, PQ_64BIT priority)
 	{
-	pitem *next, *prev = NULL;
+	pitem *next;
 	pitem *found = NULL;
 	if ( pq->items == NULL)
 		return NULL;
-	for ( next = pq->items; next->next != NULL; 
+	for ( next = pq->items; next->next != NULL; next = next->next)
 		  prev = next, next = next->next)
 		{
 		if ( pq_64bit_eq(&(next->priority), &priority))
 			{
@ -189,13 +188,6 @@ pqueue_find(pqueue_s *pq, PQ_64BIT priority)
 	if ( ! found)
 		return NULL;
 #if 0 /* find works in peek mode */
 	if ( prev == NULL)
 		pq->items = next->next;
 	else
 		prev->next = next->next;
 #endif
 	return found;
 	}
--- a/deps/openssl/openssl/crypto/rand/rand_nw.c
+++ b/deps/openssl/openssl/crypto/rand/rand_nw.c
@ -160,8 +160,8 @@ int RAND_poll(void)
         rdtsc
         mov tsc, eax        
      }
-#else
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-      asm volatile("rdtsc":"=A" (tsc));
+      asm volatile("rdtsc":"=a"(tsc)::"edx");
 #endif
      RAND_add(&tsc, sizeof(tsc), 1);
--- a/deps/openssl/openssl/crypto/rand/randfile.c
+++ b/deps/openssl/openssl/crypto/rand/randfile.c
@ -265,8 +265,8 @@ err:
 const char *RAND_file_name(char *buf, size_t size)
 	{
 	char *s=NULL;
 	int ok = 0;
 #ifdef __OpenBSD__
 	int ok = 0;
 	struct stat sb;
 #endif
@ -294,7 +294,9 @@ const char *RAND_file_name(char *buf, size_t size)
 			BUF_strlcat(buf,"/",size);
 #endif
 			BUF_strlcat(buf,RFILE,size);
 #ifdef __OpenBSD__
 			ok = 1;
 #endif
 			}
 		else
 		  	buf[0] = '\0'; /* no file name */
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
@ -167,7 +167,7 @@ $code.=<<___;
 	movzb	($dat,$XX[0]),$TX[0]#d
 	test	\$-8,$len
 	jz	.Lcloop1
-	cmp	\$0,260($dat)
+	cmpl	\$0,260($dat)
 	jnz	.Lcloop1
 	push	%rbx
 	jmp	.Lcloop8
--- a/deps/openssl/openssl/crypto/ripemd/ripemd.h
+++ b/deps/openssl/openssl/crypto/ripemd/ripemd.h
@ -66,8 +66,6 @@
 extern "C" {
 #endif
 #include <stddef.h>
 #ifdef OPENSSL_NO_RIPEMD
 #error RIPEMD is disabled.
 #endif
--- a/deps/openssl/openssl/crypto/rsa/rsa_eay.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_eay.c
@ -673,7 +673,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 		rsa->_method_mod_n)) goto err;
 	if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
-		BN_sub(ret, rsa->n, ret);
+		if (!BN_sub(ret, rsa->n, ret)) goto err;
 	p=buf;
 	i=BN_bn2bin(ret,p);
--- a/deps/openssl/openssl/crypto/sha/sha.h
+++ b/deps/openssl/openssl/crypto/sha/sha.h
@ -66,8 +66,6 @@
 extern "C" {
 #endif
 #include <stddef.h>
 #if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
 #error SHA is disabled.
 #endif
--- a/deps/openssl/openssl/crypto/stack/safestack.h
+++ b/deps/openssl/openssl/crypto/stack/safestack.h
@ -127,7 +127,7 @@ STACK_OF(type) \
 	sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
 #define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-	(STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \
+	(STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \
 				pp, length, \
 				CHECKED_D2I_OF(type, d2i_func), \
 				CHECKED_SK_FREE_FUNC(type, free_func), \
--- a/deps/openssl/openssl/crypto/ui/ui_openssl.c
+++ b/deps/openssl/openssl/crypto/ui/ui_openssl.c
@ -122,10 +122,7 @@
 * sigaction and fileno included. -pedantic would be more appropriate for
 * the intended purposes, but we can't prevent users from adding -ansi.
 */
 #ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 1
 #endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
--- a/deps/openssl/openssl/crypto/x509/x509.h
+++ b/deps/openssl/openssl/crypto/x509/x509.h
@ -256,6 +256,7 @@ typedef struct x509_cinf_st
 	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
 	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
 	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
 	ASN1_ENCODING enc;
 	} X509_CINF;
 /* This stuff is certificate "auxiliary info"
--- a/deps/openssl/openssl/crypto/x509/x509_vfy.c
+++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c
@ -97,7 +97,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
 int X509_verify_cert(X509_STORE_CTX *ctx)
 	{
 	X509 *x,*xtmp,*chain_ss=NULL;
 	X509_NAME *xn;
 	int bad_chain = 0;
 	X509_VERIFY_PARAM *param = ctx->param;
 	int depth,i,ok=0;
@ -149,7 +148,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 		                         */
 		/* If we are self signed, we break */
 		xn=X509_get_issuer_name(x);
 		if (ctx->check_issued(ctx, x,x)) break;
 		/* If we were passed a cert chain, use it first */
@ -186,7 +184,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 	i=sk_X509_num(ctx->chain);
 	x=sk_X509_value(ctx->chain,i-1);
 	xn = X509_get_subject_name(x);
 	if (ctx->check_issued(ctx, x, x))
 		{
 		/* we have a self signed certificate */
@ -235,7 +232,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 		if (depth < num) break;
 		/* If we are self signed, we break */
 		xn=X509_get_issuer_name(x);
 		if (ctx->check_issued(ctx,x,x)) break;
 		ok = ctx->get_issuer(&xtmp, ctx, x);
@ -254,7 +250,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 		}
 	/* we now have our chain, lets check it... */
 	xn=X509_get_issuer_name(x);
 	/* Is last certificate looked up self signed? */
 	if (!ctx->check_issued(ctx,x,x))
@ -1380,7 +1375,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	if (store)
 		ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
 	else
-		ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
+		ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
 	if (store)
 		{
--- a/deps/openssl/openssl/crypto/x509/x_all.c
+++ b/deps/openssl/openssl/crypto/x509/x_all.c
@ -97,6 +97,7 @@ int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
 	x->cert_info->enc.modified = 1;
 	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
 		x->sig_alg, x->signature, x->cert_info,pkey,md));
 	}
--- a/deps/openssl/openssl/crypto/x509v3/v3_addr.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_addr.c
@ -177,12 +177,18 @@ static int i2r_address(BIO *out,
  unsigned char addr[ADDR_RAW_BUF_LEN];
  int i, n;
  if (bs->length < 0)
    return 0;
  switch (afi) {
  case IANA_AFI_IPV4:
    if (bs->length > 4)
      return 0;
    addr_expand(addr, bs, 4, fill);
    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
    break;
  case IANA_AFI_IPV6:
    if (bs->length > 16)
      return 0;
    addr_expand(addr, bs, 16, fill);
    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
      ;
--- a/deps/openssl/openssl/crypto/x509v3/v3_asid.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_asid.c
@ -61,7 +61,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <assert.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/asn1.h>
@ -172,11 +171,11 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
 {
  const ASIdOrRange *a = *a_, *b = *b_;
-  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
 	 (a->type == ASIdOrRange_range && a->u.range != NULL &&
 	  a->u.range->min != NULL && a->u.range->max != NULL));
-  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
 	 (b->type == ASIdOrRange_range && b->u.range != NULL &&
 	  b->u.range->min != NULL && b->u.range->max != NULL));
@ -215,7 +214,7 @@ int v3_asid_add_inherit(ASIdentifiers *asid, int which)
  if (*choice == NULL) {
    if ((*choice = ASIdentifierChoice_new()) == NULL)
      return 0;
-    assert((*choice)->u.inherit == NULL);
+    OPENSSL_assert((*choice)->u.inherit == NULL);
    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
      return 0;
    (*choice)->type = ASIdentifierChoice_inherit;
@ -250,7 +249,7 @@ int v3_asid_add_id_or_range(ASIdentifiers *asid,
  if (*choice == NULL) {
    if ((*choice = ASIdentifierChoice_new()) == NULL)
      return 0;
-    assert((*choice)->u.asIdsOrRanges == NULL);
+    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
    if ((*choice)->u.asIdsOrRanges == NULL)
      return 0;
@ -286,7 +285,7 @@ static void extract_min_max(ASIdOrRange *aor,
 			    ASN1_INTEGER **min,
 			    ASN1_INTEGER **max)
 {
-  assert(aor != NULL && min != NULL && max != NULL);
+  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
  switch (aor->type) {
  case ASIdOrRange_id:
    *min = aor->u.id;
@ -373,7 +372,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
  return (asid == NULL ||
-	  (ASIdentifierChoice_is_canonical(asid->asnum) ||
+	  (ASIdentifierChoice_is_canonical(asid->asnum) &&
 	   ASIdentifierChoice_is_canonical(asid->rdi)));
 }
@ -395,7 +394,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
  /*
   * We have a list.  Sort it.
   */
-  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
  /*
@ -413,7 +412,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
    /*
     * Make sure we're properly sorted (paranoia).
     */
-    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
    /*
     * Check for overlaps.
@ -472,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
    }
  }
-  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
  ret = 1;
@ -709,9 +708,9 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
  X509 *x = NULL;
-  assert(chain != NULL && sk_X509_num(chain) > 0);
+  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  assert(ctx != NULL || ext != NULL);
+  OPENSSL_assert(ctx != NULL || ext != NULL);
-  assert(ctx == NULL || ctx->verify_cb != NULL);
+  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
  /*
   * Figure out where to start.  If we don't have an extension to
@ -723,7 +722,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
  } else {
    i = 0;
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if ((ext = x->rfc3779_asid) == NULL)
      goto done;
  }
@ -756,7 +755,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
   */
  for (i++; i < sk_X509_num(chain); i++) {
    x = sk_X509_value(chain, i);
-    assert(x != NULL);
+    OPENSSL_assert(x != NULL);
    if (x->rfc3779_asid == NULL) {
      if (child_as != NULL || child_rdi != NULL)
 	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
--- a/deps/openssl/openssl/crypto/x509v3/v3_ncons.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_ncons.c
@ -182,7 +182,6 @@ static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
 			print_nc_ipadd(bp, tree->base->d.ip);
 		else
 			GENERAL_NAME_print(bp, tree->base);
 		tree = sk_GENERAL_SUBTREE_value(trees, i);
 		BIO_puts(bp, "\n");
 		}
 	return 1;
--- a/deps/openssl/openssl/engines/e_chil.c
+++ b/deps/openssl/openssl/engines/e_chil.c
@ -1080,11 +1080,11 @@ static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 static int hwcrhk_rsa_finish(RSA *rsa)
 	{
 	HWCryptoHook_RSAKeyHandle *hptr;
-	int ret;
+
 	hptr = RSA_get_ex_data(rsa, hndidx_rsa);
 	if (hptr)
                {
-                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                p_hwcrhk_RSAUnloadKey(*hptr, NULL);
                OPENSSL_free(hptr);
 		RSA_set_ex_data(rsa, hndidx_rsa, NULL);
                }
--- a/deps/openssl/openssl/engines/e_cswift.c
+++ b/deps/openssl/openssl/engines/e_cswift.c
@ -811,7 +811,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	SW_PARAM sw_param;
 	SW_STATUS sw_status;
 	SW_LARGENUMBER arg, res;
 	unsigned char *ptr;
 	BN_CTX *ctx;
 	BIGNUM *dsa_p = NULL;
 	BIGNUM *dsa_q = NULL;
@ -899,7 +898,6 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 		goto err;
 		}
 	/* Convert the response */
 	ptr = (unsigned char *)result->d;
 	if((to_return = DSA_SIG_new()) == NULL)
 		goto err;
 	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
--- a/deps/openssl/openssl/engines/e_ubsec.c
+++ b/deps/openssl/openssl/engines/e_ubsec.c
@ -631,10 +631,8 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
 	{
 	int	y_len,
 		m_len,
 		fd;
 	m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
 	y_len = BN_num_bits(p) + BN_num_bits(q);
 	/* Check if hardware can't handle this argument. */
--- a/deps/openssl/openssl/fips/fips_canister.c
+++ b/deps/openssl/openssl/fips/fips_canister.c
@ -19,6 +19,7 @@
 	(defined(__linux) && (defined(__arm) || defined(__arm__)))	|| \
 	(defined(__i386) || defined(__i386__))				|| \
 	(defined(__x86_64) || defined(__x86_64__))			|| \
 	defined(__ANDROID__)						|| \
 	(defined(vax) || defined(__vax__))
 #  define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
 # endif
--- a/deps/openssl/openssl/fips/mkfipsscr.pl
+++ b/deps/openssl/openssl/fips/mkfipsscr.pl
@ -297,12 +297,16 @@ my $filter = "";
 my $tvdir;
 my $tprefix;
 my $shwrap_prefix;
 my $shwrap;
 my $rmcmd = "rm -rf";
 my $mkcmd = "mkdir";
 my $debug = 0;
 my $quiet = 0;
 my $rspdir = "rsp";
 my $rspignore = 0;
 my @bogus = ();			# list of unmatched *.rsp files
 my $bufout = '';
 my $bufdir = '';
 my %_programs = ();		# list of external programs to check
 foreach (@ARGV)
@ -331,6 +335,10 @@ foreach (@ARGV)
 		{
 		$rspdir = $1;
 		}
 	elsif (/--noshwrap$/)
 		{
 		$shwrap = "";
 		}
 	elsif (/--rspignore$/)
 		{
 		$rspignore = 1;
@ -347,6 +355,14 @@ foreach (@ARGV)
 		{
 		$filter = $1;
 		}
 	elsif (/--mkdir=(.*)$/)
 		{
 		$mkcmd = $1;
 		}
 	elsif (/--rm=(.*)$/)
 		{
 		$rmcmd = $1;
 		}
 	elsif (/--outfile=(.*)$/)
 		{
 		$outfile = $1;
@ -396,6 +412,8 @@ else
 		$shwrap_prefix = "../util/" unless defined $shwrap_prefix;
 		}
 	$shwrap = "${shwrap_prefix}shlib_wrap.sh " unless defined $shwrap;
 	$bufinit .= <<END;
 #!/bin/sh
@ -403,6 +421,9 @@ else
 # Auto generated by mkfipsscr.pl script
 # Do not edit
 RM="$rmcmd"
 MKDIR="$mkcmd"
 TPREFIX=$tprefix
 END
 	}
@ -546,7 +567,7 @@ sub test_dir
 		{
 		$rsp =~ tr|/|\\|;
 		$req =~ tr|/|\\|;
-		$bufout .= <<END;
+		$bufdir = <<END;
 echo Running tests in $req
 if exist "$rsp" rd /s /q "$rsp"
@ -555,11 +576,11 @@ END
 		}
 	else
 		{
-		$bufout .= <<END;
+		$bufdir = <<END;
 echo Running tests in "$req"
-rm -rf "$rsp"
+\$RM "$rsp"
-mkdir "$rsp"
+\$MKDIR "$rsp"
 END
 		}
@ -571,6 +592,10 @@ sub test_line
 	my ($win32, $req, $tprefix, $tnam) = @_;
 	my $rsp = $req;
 	my $tcmd = $fips_tests{$tnam};
 	$bufout .= $bufdir;
 	$bufdir = "";
 	$rsp =~ s/req\/([^\/]*).req$/$rspdir\/$1.rsp/;
 	if ($tcmd =~ /-f$/)
 		{
@ -584,7 +609,7 @@ sub test_line
 		else
 			{
 			$bufout .= <<END;
-${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1 
+${shwrap}\${TPREFIX}$tcmd "$req" "$rsp" || { echo "$req failure" ; exit 1 
 }
 END
 			$_programs{"${shwrap_prefix}shlib_wrap.sh"} = 1;
@ -624,7 +649,7 @@ END
 	else
 		{
 		$bufout .= <<END;
-${shwrap_prefix}shlib_wrap.sh $tprefix$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
+${shwrap}\${TPREFIX}$tcmd < "$req" > "$rsp" || { echo "$req failure" ; exit 1; }
 END
 		$_programs{"$tprefix$tcmd"} = 1;
 		}
--- a/deps/openssl/openssl/openssl.spec
+++ b/deps/openssl/openssl/openssl.spec
@ -2,7 +2,7 @@
 %define libmaj 0
 %define libmin 9
 %define librel 8
-%define librev o
+%define librev r
 Release: 1
 %define openssldir /var/ssl
--- a/deps/openssl/openssl/ssl/d1_clnt.c
+++ b/deps/openssl/openssl/ssl/d1_clnt.c
@ -144,7 +144,7 @@ IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
 int dtls1_connect(SSL *s)
 	{
 	BUF_MEM *buf=NULL;
-	unsigned long Time=(unsigned long)time(NULL),l;
+	unsigned long Time=(unsigned long)time(NULL);
 	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state,skip=0;;
@ -374,7 +374,6 @@ int dtls1_connect(SSL *s)
 			dtls1_start_timer(s);
 			ret=dtls1_send_client_key_exchange(s);
 			if (ret <= 0) goto end;
 			l=s->s3->tmp.new_cipher->algorithms;
 			/* EAY EAY EAY need to check for DH fix cert
 			 * sent back */
 			/* For TLS, cert_req is set to 2, so a cert chain
--- a/deps/openssl/openssl/ssl/d1_enc.c
+++ b/deps/openssl/openssl/ssl/d1_enc.c
@ -131,13 +131,11 @@ int dtls1_enc(SSL *s, int send)
 	SSL3_RECORD *rec;
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
-	int bs,i,ii,j,k,n=0;
+	int bs,i,ii,j,k;
 	const EVP_CIPHER *enc;
 	if (send)
 		{
 		if (s->write_hash != NULL)
 			n=EVP_MD_size(s->write_hash);
 		ds=s->enc_write_ctx;
 		rec= &(s->s3->wrec);
 		if (s->enc_write_ctx == NULL)
@ -158,8 +156,6 @@ int dtls1_enc(SSL *s, int send)
 		}
 	else
 		{
 		if (s->read_hash != NULL)
 			n=EVP_MD_size(s->read_hash);
 		ds=s->enc_read_ctx;
 		rec= &(s->s3->rrec);
 		if (s->enc_read_ctx == NULL)
@ -224,11 +220,7 @@ int dtls1_enc(SSL *s, int send)
 		if (!send)
 			{
 			if (l == 0 || l%bs != 0)
-				{
+				return -1;
 				SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
 				return 0;
 				}
 			}
 		EVP_Cipher(ds,rec->data,rec->input,l);
--- a/deps/openssl/openssl/ssl/d1_pkt.c
+++ b/deps/openssl/openssl/ssl/d1_pkt.c
@ -256,9 +256,6 @@ dtls1_process_buffered_records(SSL *s)
    item = pqueue_peek(s->d1->unprocessed_rcds.q);
    if (item)
        {
        DTLS1_RECORD_DATA *rdata;
        rdata = (DTLS1_RECORD_DATA *)item->data;
        /* Check if epoch is current. */
        if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
            return(1);  /* Nothing to do. */
@ -331,7 +328,7 @@ dtls1_get_buffered_record(SSL *s)
 static int
 dtls1_process_record(SSL *s)
 {
-    int i,al;
+    int al;
 	int clear=0;
    int enc_err;
 	SSL_SESSION *sess;
@ -377,7 +374,8 @@ dtls1_process_record(SSL *s)
 			goto err;
 		/* otherwise enc_err == -1 */
-		goto err;
+		al=SSL_AD_BAD_RECORD_MAC;
 		goto f_err;
 		}
 #ifdef TLS_DEBUG
@ -418,7 +416,7 @@ if (	(sess == NULL) ||
 #endif
 			}
 		rr->length-=mac_size;
-		i=s->method->ssl3_enc->mac(s,md,0);
+		s->method->ssl3_enc->mac(s,md,0);
 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
 			{
 			goto err;
@ -484,14 +482,12 @@ int dtls1_get_record(SSL *s)
 	int ssl_major,ssl_minor;
 	int i,n;
 	SSL3_RECORD *rr;
 	SSL_SESSION *sess;
 	unsigned char *p = NULL;
 	unsigned short version;
 	DTLS1_BITMAP *bitmap;
 	unsigned int is_next_epoch;
 	rr= &(s->s3->rrec);
 	sess=s->session;
    /* The epoch may have changed.  If so, process all the
     * pending records.  This is a non-blocking operation. */
--- a/deps/openssl/openssl/ssl/s23_lib.c
+++ b/deps/openssl/openssl/ssl/s23_lib.c
@ -97,14 +97,8 @@ SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 * available */
 SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
 	{
-	SSL_CIPHER c,*cp;
+	SSL_CIPHER *cp;
 	unsigned long id;
 	int n;
 	n=ssl3_num_ciphers();
 	id=0x03000000|((unsigned long)p[0]<<16L)|
 		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
 	c.id=id;
 	cp=ssl3_get_cipher_by_char(p);
 #ifndef OPENSSL_NO_SSL2
 	if (cp == NULL)
--- a/deps/openssl/openssl/ssl/s2_srvr.c
+++ b/deps/openssl/openssl/ssl/s2_srvr.c
@ -403,13 +403,14 @@ static int get_client_master_key(SSL *s)
 		p+=3;
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
-		n2s(p,i); s->session->key_arg_length=i;
+		n2s(p,i);
-		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+		if(i > SSL_MAX_KEY_ARG_LENGTH)
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
 			return -1;
 			}
 		s->session->key_arg_length=i;
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
 		}
@ -697,7 +698,6 @@ static int server_hello(SSL *s)
 	{
 	unsigned char *p,*d;
 	int n,hit;
 	STACK_OF(SSL_CIPHER) *sk;
 	p=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
@ -778,7 +778,6 @@ static int server_hello(SSL *s)
 			/* lets send out the ciphers we like in the
 			 * prefered order */
 			sk= s->session->ciphers;
 			n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
 			d+=n;
 			s2n(n,p);		/* add cipher length */
--- a/Show More
+++ b/Show More