Update openssl to 1.0.2g

Signed-off-by: Gary Lin <glin@suse.com>
2025-08-14 17:20:17 +00:00 · 2016-03-17 14:59:04 +08:00 · 2016-03-17 14:59:04 +08:00 · 0297aa3cf3
commit 0297aa3cf3
parent 7b9281af14
94 changed files with 1242 additions and 913 deletions
--- a/Cryptlib/Include/openssl/aes.h
+++ b/Cryptlib/Include/openssl/aes.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/Include/openssl/asn1_mac.h
+++ b/Cryptlib/Include/openssl/asn1_mac.h
@ -70,7 +70,7 @@ extern "C" {
 # endif
 # define ASN1_MAC_H_err(f,r,line) \
-        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line))
 # define M_ASN1_D2I_vars(a,type,func) \
        ASN1_const_CTX c; \
@ -81,7 +81,7 @@ extern "C" {
        c.error=ERR_R_NESTED_ASN1_ERROR; \
        if ((a == NULL) || ((*a) == NULL)) \
                { if ((ret=(type)func()) == NULL) \
-                        { c.line=__LINE__; goto err; } } \
+                        { c.line=OPENSSL_LINE; goto err; } } \
        else    ret=(*a);
 # define M_ASN1_D2I_Init() \
@ -90,7 +90,7 @@ extern "C" {
 # define M_ASN1_D2I_Finish_2(a) \
        if (!asn1_const_Finish(&c)) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
        *(const unsigned char **)pp=c.p; \
        if (a != NULL) (*a)=ret; \
        return(ret);
@ -105,7 +105,7 @@ err:\
 # define M_ASN1_D2I_start_sequence() \
        if (!asn1_GetSequence(&c,&length)) \
-                { c.line=__LINE__; goto err; }
+                { c.line=OPENSSL_LINE; goto err; }
 /* Begin reading ASN1 without a surrounding sequence */
 # define M_ASN1_D2I_begin() \
        c.slen = length;
@ -129,21 +129,21 @@ err:\
 # define M_ASN1_D2I_get(b, func) \
        c.q=c.p; \
        if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
+                {c.line=OPENSSL_LINE; goto err; } \
        c.slen-=(c.p-c.q);
 /* Don't use this with d2i_ASN1_BOOLEAN() */
 # define M_ASN1_D2I_get_x(type,b,func) \
        c.q=c.p; \
        if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
+                {c.line=OPENSSL_LINE; goto err; } \
        c.slen-=(c.p-c.q);
 /* use this instead () */
 # define M_ASN1_D2I_get_int(b,func) \
        c.q=c.p; \
        if (func(&(b),&c.p,c.slen) < 0) \
-                {c.line=__LINE__; goto err; } \
+                {c.line=OPENSSL_LINE; goto err; } \
        c.slen-=(c.p-c.q);
 # define M_ASN1_D2I_get_opt(b,func,type) \
@ -164,7 +164,7 @@ err:\
        M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
        c.q=c.p; \
        if (func(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+                {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \
        c.slen-=(c.p-c.q);\
        M_ASN1_next_prev=_tmp;
@ -258,20 +258,20 @@ err:\
        c.q=c.p; \
        if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
                (void (*)())free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
        c.slen-=(c.p-c.q);
 # define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
        c.q=c.p; \
        if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
                                   free_func,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
        c.slen-=(c.p-c.q);
 # define M_ASN1_D2I_get_set_strings(r,func,a,b) \
        c.q=c.p; \
        if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
-                { c.line=__LINE__; goto err; } \
+                { c.line=OPENSSL_LINE; goto err; } \
        c.slen-=(c.p-c.q);
 # define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
@ -285,16 +285,16 @@ err:\
                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
                if (Tinf & 0x80) \
                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
+                        c.line=OPENSSL_LINE; goto err; } \
                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
                                        Tlen = c.slen - (c.p - c.q) - 2; \
                if (func(&(r),&c.p,Tlen) == NULL) \
-                        { c.line=__LINE__; goto err; } \
+                        { c.line=OPENSSL_LINE; goto err; } \
                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
                        Tlen = c.slen - (c.p - c.q); \
                        if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
+                                c.line=OPENSSL_LINE; goto err; } \
                }\
                c.slen-=(c.p-c.q); \
                }
@ -310,18 +310,18 @@ err:\
                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
                if (Tinf & 0x80) \
                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
+                        c.line=OPENSSL_LINE; goto err; } \
                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
                                        Tlen = c.slen - (c.p - c.q) - 2; \
                if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
                        (void (*)())free_func, \
                        b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
+                        { c.line=OPENSSL_LINE; goto err; } \
                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
                        Tlen = c.slen - (c.p - c.q); \
                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
+                                c.line=OPENSSL_LINE; goto err; } \
                }\
                c.slen-=(c.p-c.q); \
                }
@ -337,17 +337,17 @@ err:\
                Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
                if (Tinf & 0x80) \
                        { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
-                        c.line=__LINE__; goto err; } \
+                        c.line=OPENSSL_LINE; goto err; } \
                if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
                                        Tlen = c.slen - (c.p - c.q) - 2; \
                if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
                        free_func,b,V_ASN1_UNIVERSAL) == NULL) \
-                        { c.line=__LINE__; goto err; } \
+                        { c.line=OPENSSL_LINE; goto err; } \
                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
                        Tlen = c.slen - (c.p - c.q); \
                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
                                { c.error=ERR_R_MISSING_ASN1_EOS; \
-                                c.line=__LINE__; goto err; } \
+                                c.line=OPENSSL_LINE; goto err; } \
                }\
                c.slen-=(c.p-c.q); \
                }
@ -355,7 +355,7 @@ err:\
 /* New macros */
 # define M_ASN1_New_Malloc(ret,type) \
        if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
-                { c.line=__LINE__; goto err2; }
+                { c.line=OPENSSL_LINE; goto err2; }
 # define M_ASN1_New(arg,func) \
        if (((arg)=func()) == NULL) return(NULL)
--- a/Cryptlib/Include/openssl/bio.h
+++ b/Cryptlib/Include/openssl/bio.h
@ -479,11 +479,11 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 # define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
 # define BIO_get_conn_ip(b)               BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
 # define BIO_set_nbio(b,n)       BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-/* BIO_s_accept_socket() */
+/* BIO_s_accept() */
 # define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
 # define BIO_get_accept_port(b)  BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
 /* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
@ -496,6 +496,7 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
 # define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
 /* BIO_s_accept() and BIO_s_connect() */
 # define BIO_do_connect(b)       BIO_do_handshake(b)
 # define BIO_do_accept(b)        BIO_do_handshake(b)
 # define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
@ -515,12 +516,15 @@ struct bio_dgram_sctp_prinfo {
 # define BIO_get_url(b,url)      BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
 # define BIO_get_no_connect_return(b)    BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
 /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
 # define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
 # define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
 /* BIO_s_file() */
 # define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
 # define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
 /* BIO_s_fd() and BIO_s_file() */
 # define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
 # define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
@ -646,10 +650,10 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
 int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
                        asn1_ps_func **psuffix_free);
 # ifndef OPENSSL_NO_FP_API
 BIO_METHOD *BIO_s_file(void);
 BIO *BIO_new_file(const char *filename, const char *mode);
 BIO *BIO_new_fp(FILE *stream, int close_flag);
 # ifndef OPENSSL_NO_FP_API
 #  define BIO_s_file_internal    BIO_s_file
 # endif
 BIO *BIO_new(BIO_METHOD *type);
@ -685,7 +689,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
                        long argl, long ret);
 BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
+BIO *BIO_new_mem_buf(const void *buf, int len);
 BIO_METHOD *BIO_s_socket(void);
 BIO_METHOD *BIO_s_connect(void);
 BIO_METHOD *BIO_s_accept(void);
--- a/Cryptlib/Include/openssl/bn.h
+++ b/Cryptlib/Include/openssl/bn.h
@ -125,6 +125,7 @@
 #ifndef HEADER_BN_H
 # define HEADER_BN_H
 # include <limits.h>
 # include <openssl/e_os2.h>
 # ifndef OPENSSL_NO_FP_API
 #  include <stdio.h>            /* FILE */
@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void);
 /* library internal functions */
-# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+# define bn_expand(a,bits) \
-        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+    ( \
        bits > (INT_MAX - BN_BITS2 + 1) ? \
            NULL \
        : \
            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
                (a) \
            : \
                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
    )
 # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 # ifndef OPENSSL_NO_DEPRECATED
--- a/Cryptlib/Include/openssl/camellia.h
+++ b/Cryptlib/Include/openssl/camellia.h
@ -1,4 +1,4 @@
-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/camellia/camellia.h */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/Include/openssl/conf.h
+++ b/Cryptlib/Include/openssl/conf.h
@ -118,8 +118,10 @@ typedef void conf_finish_func (CONF_IMODULE *md);
 int CONF_set_default_method(CONF_METHOD *meth);
 void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
 # ifndef OPENSSL_NO_STDIO
 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
                                long *eline);
 # endif
 # ifndef OPENSSL_NO_FP_API
 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
                                   long *eline);
@ -133,7 +135,9 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
 long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
                     const char *name);
 void CONF_free(LHASH_OF(CONF_VALUE) *conf);
 #ifndef OPENSSL_NO_FP_API
 int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
 #endif
 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
 void OPENSSL_config(const char *config_name);
@ -160,7 +164,9 @@ CONF_METHOD *NCONF_XML(void);
 void NCONF_free(CONF *conf);
 void NCONF_free_data(CONF *conf);
 # ifndef OPENSSL_NO_STDIO
 int NCONF_load(CONF *conf, const char *file, long *eline);
 # endif
 # ifndef OPENSSL_NO_FP_API
 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
 # endif
@ -170,7 +176,9 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
 char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
 int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
                       long *result);
 #ifndef OPENSSL_NO_FP_API
 int NCONF_dump_fp(const CONF *conf, FILE *out);
 #endif
 int NCONF_dump_bio(const CONF *conf, BIO *out);
 # if 0                          /* The following function has no error
@ -184,8 +192,10 @@ long NCONF_get_number(CONF *conf, char *group, char *name);
 int CONF_modules_load(const CONF *cnf, const char *appname,
                      unsigned long flags);
 #ifndef OPENSSL_NO_STDIO
 int CONF_modules_load_file(const char *filename, const char *appname,
                           unsigned long flags);
 #endif
 void CONF_modules_unload(int all);
 void CONF_modules_finish(void);
 void CONF_modules_free(void);
--- a/Cryptlib/Include/openssl/crypto.h
+++ b/Cryptlib/Include/openssl/crypto.h
@ -235,15 +235,15 @@ typedef struct openssl_item_st {
 # ifndef OPENSSL_NO_LOCKING
 #  ifndef CRYPTO_w_lock
 #   define CRYPTO_w_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,NULL,0)
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_w_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,NULL,0)
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_r_lock(type)     \
-        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,NULL,0)
+        CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_r_unlock(type)   \
-        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,NULL,0)
+        CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE)
 #   define CRYPTO_add(addr,amount,type)    \
-        CRYPTO_add_lock(addr,amount,type,NULL,0)
+        CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE)
 #  endif
 # else
 #  define CRYPTO_w_lock(a)
@ -378,19 +378,19 @@ int CRYPTO_is_mem_check_on(void);
 # define MemCheck_off()  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
-# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,NULL,0)
+# define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE)
-# define OPENSSL_strdup(str)     CRYPTO_strdup((str),NULL,0)
+# define OPENSSL_strdup(str)     CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_realloc(addr,num) \
-        CRYPTO_realloc((char *)addr,(int)num,NULL,0)
+        CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_realloc_clean(addr,old_num,num) \
-        CRYPTO_realloc_clean(addr,old_num,num,NULL,0)
+        CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_remalloc(addr,num) \
-        CRYPTO_remalloc((char **)addr,(int)num,NULL,0)
+        CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_freeFunc        CRYPTO_free
 # define OPENSSL_free(addr)      CRYPTO_free(addr)
 # define OPENSSL_malloc_locked(num) \
-        CRYPTO_malloc_locked((int)num,NULL,0)
+        CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE)
 # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
 const char *SSLeay_version(int type);
@ -545,7 +545,7 @@ void CRYPTO_set_mem_debug_options(long bits);
 long CRYPTO_get_mem_debug_options(void);
 # define CRYPTO_push_info(info) \
-        CRYPTO_push_info_(info, NULL, 0);
+        CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE);
 int CRYPTO_push_info_(const char *info, const char *file, int line);
 int CRYPTO_pop_info(void);
 int CRYPTO_remove_all_info(void);
@ -588,7 +588,7 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 /* die if we have to */
 void OpenSSLDie(const char *file, int line, const char *assertion);
-# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(NULL, 0, #e),1))
+# define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1))
 unsigned long *OPENSSL_ia32cap_loc(void);
 # define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
@ -605,14 +605,14 @@ void OPENSSL_init(void);
 #  define fips_md_init_ctx(alg, cx) \
        int alg##_Init(cx##_CTX *c) \
        { \
-        if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+        if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
                "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
        return private_##alg##_Init(c); \
        } \
        int private_##alg##_Init(cx##_CTX *c)
 #  define fips_cipher_abort(alg) \
-        if (FIPS_mode()) OpenSSLDie(NULL, 0, \
+        if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \
                "Low level API call to cipher " #alg " forbidden in FIPS mode!")
 # else
@ -628,7 +628,7 @@ void OPENSSL_init(void);
 * into a defined order as the return value when a != b is undefined, other
 * than to be non-zero.
 */
-int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len);
 /* BEGIN ERROR CODES */
 /*
--- a/Cryptlib/Include/openssl/des_old.h
+++ b/Cryptlib/Include/openssl/des_old.h
@ -1,4 +1,4 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.h */
 /*-
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
--- a/Cryptlib/Include/openssl/dh.h
+++ b/Cryptlib/Include/openssl/dh.h
@ -174,6 +174,7 @@ struct dh_st {
 /* DH_check_pub_key error codes */
 # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
 # define DH_CHECK_PUBKEY_TOO_LARGE       0x02
 # define DH_CHECK_PUBKEY_INVALID         0x04
 /*
 * primes p where (p-1)/2 is prime too are called "safe"; we define this for
@ -239,11 +240,13 @@ DH *DH_get_1024_160(void);
 DH *DH_get_2048_224(void);
 DH *DH_get_2048_256(void);
 # ifndef OPENSSL_NO_CMS
 /* RFC2631 KDF */
 int DH_KDF_X9_42(unsigned char *out, size_t outlen,
                 const unsigned char *Z, size_t Zlen,
                 ASN1_OBJECT *key_oid,
                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
 # endif
 # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
@ -336,7 +339,9 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
 /* KDF types */
 # define EVP_PKEY_DH_KDF_NONE                            1
 # ifndef OPENSSL_NO_CMS
 # define EVP_PKEY_DH_KDF_X9_42                           2
 # endif
 /* BEGIN ERROR CODES */
 /*
--- a/Cryptlib/Include/openssl/dso.h
+++ b/Cryptlib/Include/openssl/dso.h
@ -1,4 +1,4 @@
-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
+/* dso.h */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/Cryptlib/Include/openssl/err.h
+++ b/Cryptlib/Include/openssl/err.h
@ -200,39 +200,39 @@ typedef struct err_state_st {
 # define ERR_LIB_USER            128
-# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
+# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
+# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
+# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
+# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
+# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
+# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
+# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
+# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
+# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
+# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
+# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
+# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
+# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
+# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__)
+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__)
+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
-# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 /*
 * Borland C seems too stupid to be able to shift and do longs in the
--- a/Cryptlib/Include/openssl/evp.h
+++ b/Cryptlib/Include/openssl/evp.h
@ -602,11 +602,13 @@ int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
 #ifndef OPENSSL_NO_UI
 int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
 int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
                           const char *prompt, int verify);
 void EVP_set_pw_prompt(const char *prompt);
 char *EVP_get_pw_prompt(void);
 #endif
 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                   const unsigned char *salt, const unsigned char *data,
--- a/Cryptlib/Include/openssl/kssl.h
+++ b/Cryptlib/Include/openssl/kssl.h
@ -1,4 +1,4 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
+/* ssl/kssl.h */
 /*
 * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project
 * 2000. project 2000.
--- a/Cryptlib/Include/openssl/opensslconf.h
+++ b/Cryptlib/Include/openssl/opensslconf.h
@ -1,475 +1,503 @@
-/* opensslconf.h */
+/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
+/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
+
-#ifdef  __cplusplus
+#ifdef  __cplusplus
-extern "C" {
+extern "C" {
-#endif
+#endif
-/* OpenSSL was configured with the following options: */
+/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_SYSNAME_UEFI
+#ifndef OPENSSL_SYSNAME_UEFI
-# define OPENSSL_SYSNAME_UEFI
+# define OPENSSL_SYSNAME_UEFI
-#endif
+#endif
-#ifndef OPENSSL_DOING_MAKEDEPEND
+#ifndef OPENSSL_DOING_MAKEDEPEND
-
+
-
+
-#ifndef OPENSSL_NO_BF
+#ifndef OPENSSL_NO_BF
-# define OPENSSL_NO_BF
+# define OPENSSL_NO_BF
-#endif
+#endif
-#ifndef OPENSSL_NO_CAMELLIA
+#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
+# define OPENSSL_NO_CAMELLIA
-#endif
+#endif
-#ifndef OPENSSL_NO_CAPIENG
+#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
+# define OPENSSL_NO_CAPIENG
-#endif
+#endif
-#ifndef OPENSSL_NO_CAST
+#ifndef OPENSSL_NO_CAST
-# define OPENSSL_NO_CAST
+# define OPENSSL_NO_CAST
-#endif
+#endif
-#ifndef OPENSSL_NO_CMS
+#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
+# define OPENSSL_NO_CMS
-#endif
+#endif
-#ifndef OPENSSL_NO_DEPRECATED
+#ifndef OPENSSL_NO_DEPRECATED
-# define OPENSSL_NO_DEPRECATED
+# define OPENSSL_NO_DEPRECATED
-#endif
+#endif
-#ifndef OPENSSL_NO_DGRAM
+#ifndef OPENSSL_NO_DGRAM
-# define OPENSSL_NO_DGRAM
+# define OPENSSL_NO_DGRAM
-#endif
+#endif
-#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_DSA
-# define OPENSSL_NO_DSA
+# define OPENSSL_NO_DSA
-#endif
+#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
+#endif
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_EC
-# define OPENSSL_NO_EC
+# define OPENSSL_NO_EC
-#endif
+#endif
-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
-# define OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
-#endif
+#endif
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_ECDH
-# define OPENSSL_NO_ECDH
+# define OPENSSL_NO_ECDH
-#endif
+#endif
-#ifndef OPENSSL_NO_ECDSA
+#ifndef OPENSSL_NO_ECDSA
-# define OPENSSL_NO_ECDSA
+# define OPENSSL_NO_ECDSA
-#endif
+#endif
-#ifndef OPENSSL_NO_ENGINE
+#ifndef OPENSSL_NO_ENGINE
-# define OPENSSL_NO_ENGINE
+# define OPENSSL_NO_ENGINE
-#endif
+#endif
-#ifndef OPENSSL_NO_ENGINES
+#ifndef OPENSSL_NO_ENGINES
-# define OPENSSL_NO_ENGINES
+# define OPENSSL_NO_ENGINES
-#endif
+#endif
-#ifndef OPENSSL_NO_FILENAMES
+#ifndef OPENSSL_NO_FILENAMES
-# define OPENSSL_NO_FILENAMES
+# define OPENSSL_NO_FILENAMES
-#endif
+#endif
-#ifndef OPENSSL_NO_FP_API
+#ifndef OPENSSL_NO_FP_API
-# define OPENSSL_NO_FP_API
+# define OPENSSL_NO_FP_API
-#endif
+#endif
-#ifndef OPENSSL_NO_GMP
+#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
+# define OPENSSL_NO_GMP
-#endif
+#endif
-#ifndef OPENSSL_NO_GOST
+#ifndef OPENSSL_NO_GOST
-# define OPENSSL_NO_GOST
+# define OPENSSL_NO_GOST
-#endif
+#endif
-#ifndef OPENSSL_NO_IDEA
+#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
+# define OPENSSL_NO_IDEA
-#endif
+#endif
-#ifndef OPENSSL_NO_JPAKE
+#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
+# define OPENSSL_NO_JPAKE
-#endif
+#endif
-#ifndef OPENSSL_NO_KRB5
+#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
+# define OPENSSL_NO_KRB5
-#endif
+#endif
-#ifndef OPENSSL_NO_LIBUNBOUND
+#ifndef OPENSSL_NO_LIBUNBOUND
-# define OPENSSL_NO_LIBUNBOUND
+# define OPENSSL_NO_LIBUNBOUND
-#endif
+#endif
-#ifndef OPENSSL_NO_LOCKING
+#ifndef OPENSSL_NO_LOCKING
-# define OPENSSL_NO_LOCKING
+# define OPENSSL_NO_LOCKING
-#endif
+#endif
-#ifndef OPENSSL_NO_MD2
+#ifndef OPENSSL_NO_MD2
-# define OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
-#endif
+#endif
-#ifndef OPENSSL_NO_MDC2
+#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
+# define OPENSSL_NO_MDC2
-#endif
+#endif
-#ifndef OPENSSL_NO_POSIX_IO
+#ifndef OPENSSL_NO_POSIX_IO
-# define OPENSSL_NO_POSIX_IO
+# define OPENSSL_NO_POSIX_IO
-#endif
+#endif
-#ifndef OPENSSL_NO_RC2
+#ifndef OPENSSL_NO_PQUEUE
-# define OPENSSL_NO_RC2
+# define OPENSSL_NO_PQUEUE
-#endif
+#endif
-#ifndef OPENSSL_NO_RC5
+#ifndef OPENSSL_NO_RC2
-# define OPENSSL_NO_RC5
+# define OPENSSL_NO_RC2
-#endif
+#endif
-#ifndef OPENSSL_NO_RCS
+#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RCS
+# define OPENSSL_NO_RC5
-#endif
+#endif
-#ifndef OPENSSL_NO_RFC3779
+#ifndef OPENSSL_NO_RCS
-# define OPENSSL_NO_RFC3779
+# define OPENSSL_NO_RCS
-#endif
+#endif
-#ifndef OPENSSL_NO_RIPEMD
+#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RIPEMD
+# define OPENSSL_NO_RFC3779
-#endif
+#endif
-#ifndef OPENSSL_NO_SCRYPT
+#ifndef OPENSSL_NO_RIPEMD
-# define OPENSSL_NO_SCRYPT
+# define OPENSSL_NO_RIPEMD
-#endif
+#endif
-#ifndef OPENSSL_NO_SCT
+#ifndef OPENSSL_NO_SCRYPT
-# define OPENSSL_NO_SCT
+# define OPENSSL_NO_SCRYPT
-#endif
+#endif
-#ifndef OPENSSL_NO_SCTP
+#ifndef OPENSSL_NO_SCT
-# define OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCT
-#endif
+#endif
-#ifndef OPENSSL_NO_SEED
+#ifndef OPENSSL_NO_SCTP
-# define OPENSSL_NO_SEED
+# define OPENSSL_NO_SCTP
-#endif
+#endif
-#ifndef OPENSSL_NO_SHA0
+#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SHA0
+# define OPENSSL_NO_SEED
-#endif
+#endif
-#ifndef OPENSSL_NO_SOCK
+#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SOCK
+# define OPENSSL_NO_SHA0
-#endif
+#endif
-#ifndef OPENSSL_NO_SRP
+#ifndef OPENSSL_NO_SOCK
-# define OPENSSL_NO_SRP
+# define OPENSSL_NO_SOCK
-#endif
+#endif
-#ifndef OPENSSL_NO_SSL_TRACE
+#ifndef OPENSSL_NO_SRP
-# define OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SRP
-#endif
+#endif
-#ifndef OPENSSL_NO_SSL2
+#ifndef OPENSSL_NO_SSL_TRACE
-# define OPENSSL_NO_SSL2
+# define OPENSSL_NO_SSL_TRACE
-#endif
+#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL2
-# define OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL2
-#endif
+#endif
-#ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_SSL3
-# define OPENSSL_NO_STDIO
+# define OPENSSL_NO_SSL3
-#endif
+#endif
-#ifndef OPENSSL_NO_STORE
+#ifndef OPENSSL_NO_STDIO
-# define OPENSSL_NO_STORE
+# define OPENSSL_NO_STDIO
-#endif
+#endif
-#ifndef OPENSSL_NO_UI
+#ifndef OPENSSL_NO_STORE
-# define OPENSSL_NO_UI
+# define OPENSSL_NO_STORE
-#endif
+#endif
-#ifndef OPENSSL_NO_UNIT_TEST
+#ifndef OPENSSL_NO_TS
-# define OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_TS
-#endif
+#endif
-#ifndef OPENSSL_NO_WHIRLPOOL
+#ifndef OPENSSL_NO_UI
-# define OPENSSL_NO_WHIRLPOOL
+# define OPENSSL_NO_UI
-#endif
+#endif
-
+#ifndef OPENSSL_NO_UNIT_TEST
-#endif /* OPENSSL_DOING_MAKEDEPEND */
+# define OPENSSL_NO_UNIT_TEST
-
+#endif
-#ifndef OPENSSL_NO_ASM
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-# define OPENSSL_NO_ASM
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
-#endif
+#endif
-#ifndef OPENSSL_NO_ERR
+#ifndef OPENSSL_NO_WHIRLPOOL
-# define OPENSSL_NO_ERR
+# define OPENSSL_NO_WHIRLPOOL
-#endif
+#endif
-#ifndef OPENSSL_NO_HW
+
-# define OPENSSL_NO_HW
+#endif /* OPENSSL_DOING_MAKEDEPEND */
-#endif
+
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#ifndef OPENSSL_NO_ASM
-# define OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_ASM
-#endif
+#endif
-
+#ifndef OPENSSL_NO_ERR
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
+# define OPENSSL_NO_ERR
-   asks for it.  This is a transient feature that is provided for those
+#endif
-   who haven't had the time to do the appropriate changes in their
+#ifndef OPENSSL_NO_HW
-   applications.  */
+# define OPENSSL_NO_HW
-#ifdef OPENSSL_ALGORITHM_DEFINES
+#endif
-# if defined(OPENSSL_NO_BF) && !defined(NO_BF)
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-#  define NO_BF
+# define OPENSSL_NO_DYNAMIC_ENGINE
-# endif
+#endif
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
+
-#  define NO_CAMELLIA
+/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-# endif
+   asks for it.  This is a transient feature that is provided for those
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
+   who haven't had the time to do the appropriate changes in their
-#  define NO_CAPIENG
+   applications.  */
-# endif
+#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
+# if defined(OPENSSL_NO_BF) && !defined(NO_BF)
-#  define NO_CAST
+#  define NO_BF
-# endif
+# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
+# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CMS
+#  define NO_CAMELLIA
-# endif
+# endif
-# if defined(OPENSSL_NO_DEPRECATED) && !defined(NO_DEPRECATED)
+# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_DEPRECATED
+#  define NO_CAPIENG
-# endif
+# endif
-# if defined(OPENSSL_NO_DGRAM) && !defined(NO_DGRAM)
+# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_DGRAM
+#  define NO_CAST
-# endif
+# endif
-# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA)
+# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_DSA
+#  define NO_CMS
-# endif
+# endif
-# if defined(OPENSSL_NO_DYNAMIC_ENGINE) && !defined(NO_DYNAMIC_ENGINE)
+# if defined(OPENSSL_NO_DEPRECATED) && !defined(NO_DEPRECATED)
-#  define NO_DYNAMIC_ENGINE
+#  define NO_DEPRECATED
-# endif
+# endif
-# if defined(OPENSSL_NO_EC) && !defined(NO_EC)
+# if defined(OPENSSL_NO_DGRAM) && !defined(NO_DGRAM)
-#  define NO_EC
+#  define NO_DGRAM
-# endif
+# endif
-# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
+# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA)
-#  define NO_EC_NISTP_64_GCC_128
+#  define NO_DSA
-# endif
+# endif
-# if defined(OPENSSL_NO_ECDH) && !defined(NO_ECDH)
+# if defined(OPENSSL_NO_DYNAMIC_ENGINE) && !defined(NO_DYNAMIC_ENGINE)
-#  define NO_ECDH
+#  define NO_DYNAMIC_ENGINE
-# endif
+# endif
-# if defined(OPENSSL_NO_ECDSA) && !defined(NO_ECDSA)
+# if defined(OPENSSL_NO_EC) && !defined(NO_EC)
-#  define NO_ECDSA
+#  define NO_EC
-# endif
+# endif
-# if defined(OPENSSL_NO_ENGINE) && !defined(NO_ENGINE)
+# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128)
-#  define NO_ENGINE
+#  define NO_EC_NISTP_64_GCC_128
-# endif
+# endif
-# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES)
+# if defined(OPENSSL_NO_ECDH) && !defined(NO_ECDH)
-#  define NO_ENGINES
+#  define NO_ECDH
-# endif
+# endif
-# if defined(OPENSSL_NO_FILENAMES) && !defined(NO_FILENAMES)
+# if defined(OPENSSL_NO_ECDSA) && !defined(NO_ECDSA)
-#  define NO_FILENAMES
+#  define NO_ECDSA
-# endif
+# endif
-# if defined(OPENSSL_NO_FP_API) && !defined(NO_FP_API)
+# if defined(OPENSSL_NO_ENGINE) && !defined(NO_ENGINE)
-#  define NO_FP_API
+#  define NO_ENGINE
-# endif
+# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
+# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES)
-#  define NO_GMP
+#  define NO_ENGINES
-# endif
+# endif
-# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
+# if defined(OPENSSL_NO_FILENAMES) && !defined(NO_FILENAMES)
-#  define NO_GOST
+#  define NO_FILENAMES
-# endif
+# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
+# if defined(OPENSSL_NO_FP_API) && !defined(NO_FP_API)
-#  define NO_IDEA
+#  define NO_FP_API
-# endif
+# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
+# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_JPAKE
+#  define NO_GMP
-# endif
+# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
+# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST)
-#  define NO_KRB5
+#  define NO_GOST
-# endif
+# endif
-# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
+# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_LIBUNBOUND
+#  define NO_IDEA
-# endif
+# endif
-# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)
+# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_LOCKING
+#  define NO_JPAKE
-# endif
+# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
+# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_MD2
+#  define NO_KRB5
-# endif
+# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
+# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND)
-#  define NO_MDC2
+#  define NO_LIBUNBOUND
-# endif
+# endif
-# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO)
+# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING)
-#  define NO_POSIX_IO
+#  define NO_LOCKING
-# endif
+# endif
-# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
+# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_RC2
+#  define NO_MD2
-# endif
+# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
+# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_RC5
+#  define NO_MDC2
-# endif
+# endif
-# if defined(OPENSSL_NO_RCS) && !defined(NO_RCS)
+# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO)
-#  define NO_RCS
+#  define NO_POSIX_IO
-# endif
+# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
+# if defined(OPENSSL_NO_PQUEUE) && !defined(NO_PQUEUE)
-#  define NO_RFC3779
+#  define NO_PQUEUE
-# endif
+# endif
-# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
+# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2)
-#  define NO_RIPEMD
+#  define NO_RC2
-# endif
+# endif
-# if defined(OPENSSL_NO_SCRYPT) && !defined(NO_SCRYPT)
+# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_SCRYPT
+#  define NO_RC5
-# endif
+# endif
-# if defined(OPENSSL_NO_SCT) && !defined(NO_SCT)
+# if defined(OPENSSL_NO_RCS) && !defined(NO_RCS)
-#  define NO_SCT
+#  define NO_RCS
-# endif
+# endif
-# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
+# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_SCTP
+#  define NO_RFC3779
-# endif
+# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
+# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD)
-#  define NO_SEED
+#  define NO_RIPEMD
-# endif
+# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
+# if defined(OPENSSL_NO_SCRYPT) && !defined(NO_SCRYPT)
-#  define NO_SHA0
+#  define NO_SCRYPT
-# endif
+# endif
-# if defined(OPENSSL_NO_SOCK) && !defined(NO_SOCK)
+# if defined(OPENSSL_NO_SCT) && !defined(NO_SCT)
-#  define NO_SOCK
+#  define NO_SCT
-# endif
+# endif
-# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
+# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP)
-#  define NO_SRP
+#  define NO_SCTP
-# endif
+# endif
-# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
+# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SSL_TRACE
+#  define NO_SEED
-# endif
+# endif
-# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
+# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SSL2
+#  define NO_SHA0
-# endif
+# endif
-# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)
+# if defined(OPENSSL_NO_SOCK) && !defined(NO_SOCK)
-#  define NO_SSL3
+#  define NO_SOCK
-# endif
+# endif
-# if defined(OPENSSL_NO_STDIO) && !defined(NO_STDIO)
+# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP)
-#  define NO_STDIO
+#  define NO_SRP
-# endif
+# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
+# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE)
-#  define NO_STORE
+#  define NO_SSL_TRACE
-# endif
+# endif
-# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
+# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
-#  define NO_UI
+#  define NO_SSL2
-# endif
+# endif
-# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
+# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3)
-#  define NO_UNIT_TEST
+#  define NO_SSL3
-# endif
+# endif
-# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
+# if defined(OPENSSL_NO_STDIO) && !defined(NO_STDIO)
-#  define NO_WHIRLPOOL
+#  define NO_STDIO
-# endif
+# endif
-#endif
+# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-
+#  define NO_STORE
-/* crypto/opensslconf.h.in */
+# endif
-
+# if defined(OPENSSL_NO_TS) && !defined(NO_TS)
-/* Generate 80386 code? */
+#  define NO_TS
-#undef I386_ONLY
+# endif
-
+# if defined(OPENSSL_NO_UI) && !defined(NO_UI)
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#  define NO_UI
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+# endif
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
+# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST)
-#define OPENSSLDIR "/usr/local/ssl"
+#  define NO_UNIT_TEST
-#endif
+# endif
-#endif
+# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS)
-
+#  define NO_WEAK_SSL_CIPHERS
-#undef OPENSSL_UNISTD
+# endif
-#define OPENSSL_UNISTD <unistd.h>
+# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL)
-
+#  define NO_WHIRLPOOL
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# endif
-
+#endif
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+
-#define IDEA_INT unsigned int
+/* crypto/opensslconf.h.in */
-#endif
+
-
+#ifndef OPENSSL_FILE
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#ifdef OPENSSL_NO_FILENAMES
-#define MD2_INT unsigned int
+#define OPENSSL_FILE ""
-#endif
+#define OPENSSL_LINE 0
-
+#else
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+#define OPENSSL_FILE __FILE__
-/* I need to put in a mod for the alpha - eay */
+#define OPENSSL_LINE __LINE__
-#define RC2_INT unsigned int
+#endif
-#endif
+#endif
-
+
-#if defined(HEADER_RC4_H)
+/* Generate 80386 code? */
-#if !defined(RC4_INT)
+#undef I386_ONLY
-/* using int types make the structure larger but make the code faster
+
- * on most boxes I have tested - up to %20 faster. */
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-/*
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
- * I don't know what does "most" mean, but declaring "int" is a must on:
+#define ENGINESDIR "/usr/local/ssl/lib/engines"
- * - Intel P6 because partial register stalls are very expensive;
+#define OPENSSLDIR "/usr/local/ssl"
- * - elder Alpha because it lacks byte load/store instructions;
+#endif
- */
+#endif
-#define RC4_INT unsigned int
+
-#endif
+#undef OPENSSL_UNISTD
-#if !defined(RC4_CHUNK)
+#define OPENSSL_UNISTD <unistd.h>
-/*
+
- * This enables code handling data aligned at natural CPU word
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
- * boundary. See crypto/rc4/rc4_enc.c for further details.
+
- */
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#undef RC4_CHUNK
+#define IDEA_INT unsigned int
-#endif
+#endif
-#endif
+
-
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+#define MD2_INT unsigned int
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+#endif
- * %20 speed up (longs are 8 bytes, int's are 4). */
+
-#ifndef DES_LONG
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-#define DES_LONG unsigned long
+/* I need to put in a mod for the alpha - eay */
-#endif
+#define RC2_INT unsigned int
-#endif
+#endif
-
+
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
+#if defined(HEADER_RC4_H)
-#define CONFIG_HEADER_BN_H
+#if !defined(RC4_INT)
-#undef BN_LLONG
+/* using int types make the structure larger but make the code faster
-
+ * on most boxes I have tested - up to %20 faster. */
-/* Should we define BN_DIV2W here? */
+/*
-
+ * I don't know what does "most" mean, but declaring "int" is a must on:
-/* Only one for the following should be defined */
+ * - Intel P6 because partial register stalls are very expensive;
-#undef SIXTY_FOUR_BIT_LONG
+ * - elder Alpha because it lacks byte load/store instructions;
-#undef SIXTY_FOUR_BIT
+ */
-#define THIRTY_TWO_BIT
+#define RC4_INT unsigned int
-#endif
+#endif
-
+#if !defined(RC4_CHUNK)
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+/*
-#define CONFIG_HEADER_RC4_LOCL_H
+ * This enables code handling data aligned at natural CPU word
-/* if this is defined data[i] is used instead of *data, this is a %20
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
- * speedup on x86 */
+ */
-#undef RC4_INDEX
+#undef RC4_CHUNK
-#endif
+#endif
-
+#endif
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+
-#define CONFIG_HEADER_BF_LOCL_H
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-#undef BF_PTR
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
-#endif /* HEADER_BF_LOCL_H */
+ * %20 speed up (longs are 8 bytes, int's are 4). */
-
+#ifndef DES_LONG
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define DES_LONG unsigned long
-#define CONFIG_HEADER_DES_LOCL_H
+#endif
-#ifndef DES_DEFAULT_OPTIONS
+#endif
-/* the following is tweaked from a config script, that is why it is a
+
- * protected undef/define */
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI)
-#ifndef DES_PTR
+#define CONFIG_HEADER_BN_H
-#undef DES_PTR
+#undef BN_LLONG
-#endif
+
-
+/* Should we define BN_DIV2W here? */
-/* This helps C compiler generate the correct code for multiple functional
+
- * units.  It reduces register dependancies at the expense of 2 more
+/* Only one for the following should be defined */
- * registers */
+#undef SIXTY_FOUR_BIT_LONG
-#ifndef DES_RISC1
+#undef SIXTY_FOUR_BIT
-#undef DES_RISC1
+#define THIRTY_TWO_BIT
-#endif
+#endif
-
+
-#ifndef DES_RISC2
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#undef DES_RISC2
+#define CONFIG_HEADER_RC4_LOCL_H
-#endif
+/* if this is defined data[i] is used instead of *data, this is a %20
-
+ * speedup on x86 */
-#if defined(DES_RISC1) && defined(DES_RISC2)
+#undef RC4_INDEX
-#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
-#endif
+
-
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+#define CONFIG_HEADER_BF_LOCL_H
- * Very mucy CPU dependant */
+#undef BF_PTR
-#ifndef DES_UNROLL
+#endif /* HEADER_BF_LOCL_H */
-#undef DES_UNROLL
+
-#endif
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-
+#define CONFIG_HEADER_DES_LOCL_H
-/* These default values were supplied by
+#ifndef DES_DEFAULT_OPTIONS
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
+/* the following is tweaked from a config script, that is why it is a
- * They are only used if nothing else has been defined */
+ * protected undef/define */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+#ifndef DES_PTR
-/* Special defines which change the way the code is built depending on the
+#undef DES_PTR
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+#endif
-   even newer MIPS CPU's, but at the moment one size fits all for
+
-   optimization options.  Older Sparc's work better with only UNROLL, but
+/* This helps C compiler generate the correct code for multiple functional
-   there's no way to tell at compile time what it is you're running on */
+ * units.  It reduces register dependancies at the expense of 2 more
- 
+ * registers */
-#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
+#ifndef DES_RISC1
-#  define DES_PTR
+#undef DES_RISC1
-#  define DES_RISC1
+#endif
-#  define DES_UNROLL
+
-#elif defined( __ultrix )	/* Older MIPS */
+#ifndef DES_RISC2
-#  define DES_PTR
+#undef DES_RISC2
-#  define DES_RISC2
+#endif
-#  define DES_UNROLL
+
-#elif defined( __osf1__ )	/* Alpha */
+#if defined(DES_RISC1) && defined(DES_RISC2)
-#  define DES_PTR
+#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#  define DES_RISC2
+#endif
-#elif defined ( _AIX )		/* RS6000 */
+
-  /* Unknown */
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
-#elif defined( __hpux )		/* HP-PA */
+ * Very mucy CPU dependant */
-  /* Unknown */
+#ifndef DES_UNROLL
-#elif defined( __aux )		/* 68K */
+#undef DES_UNROLL
-  /* Unknown */
+#endif
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+
-#  define DES_UNROLL
+/* These default values were supplied by
-#elif defined( __sgi )		/* Newer MIPS */
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
-#  define DES_PTR
+ * They are only used if nothing else has been defined */
-#  define DES_RISC2
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-#  define DES_UNROLL
+/* Special defines which change the way the code is built depending on the
-#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-#  define DES_PTR
+   even newer MIPS CPU's, but at the moment one size fits all for
-#  define DES_RISC1
+   optimization options.  Older Sparc's work better with only UNROLL, but
-#  define DES_UNROLL
+   there's no way to tell at compile time what it is you're running on */
-#endif /* Systems-specific speed defines */
+ 
-#endif
+#if defined( __sun ) || defined ( sun )		/* Newer Sparc's */
-
+#  define DES_PTR
-#endif /* DES_DEFAULT_OPTIONS */
+#  define DES_RISC1
-#endif /* HEADER_DES_LOCL_H */
+#  define DES_UNROLL
-#ifdef  __cplusplus
+#elif defined( __ultrix )	/* Older MIPS */
-}
+#  define DES_PTR
-#endif
+#  define DES_RISC2
 #  define DES_UNROLL
 #elif defined( __osf1__ )	/* Alpha */
 #  define DES_PTR
 #  define DES_RISC2
 #elif defined ( _AIX )		/* RS6000 */
  /* Unknown */
 #elif defined( __hpux )		/* HP-PA */
  /* Unknown */
 #elif defined( __aux )		/* 68K */
  /* Unknown */
 #elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
 #  define DES_UNROLL
 #elif defined( __sgi )		/* Newer MIPS */
 #  define DES_PTR
 #  define DES_RISC2
 #  define DES_UNROLL
 #elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
 #  define DES_PTR
 #  define DES_RISC1
 #  define DES_UNROLL
 #endif /* Systems-specific speed defines */
 #endif
 #endif /* DES_DEFAULT_OPTIONS */
 #endif /* HEADER_DES_LOCL_H */
 #ifdef  __cplusplus
 }
 #endif
--- a/Cryptlib/Include/openssl/opensslv.h
+++ b/Cryptlib/Include/openssl/opensslv.h
@ -30,11 +30,11 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER  0x1000205fL
+# define OPENSSL_VERSION_NUMBER  0x1000207fL
 # ifdef OPENSSL_FIPS
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2e-fips 3 Dec 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2g-fips  1 Mar 2016"
 # else
-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2e 3 Dec 2015"
+#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2g  1 Mar 2016"
 # endif
 # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
--- a/Cryptlib/Include/openssl/pem.h
+++ b/Cryptlib/Include/openssl/pem.h
@ -418,6 +418,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
                            pem_password_cb *cd, void *u);
 # endif
 #ifndef OPENSSL_NO_FP_API
 int PEM_read(FILE *fp, char **name, char **header,
             unsigned char **data, long *len);
 int PEM_write(FILE *fp, const char *name, const char *hdr,
@ -429,6 +430,7 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
                   int klen, pem_password_cb *callback, void *u);
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
                                        pem_password_cb *cb, void *u);
 #endif
 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
                 EVP_MD *md_type, unsigned char **ek, int *ekl,
@ -495,6 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
 EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
                                  void *u);
 #ifndef OPENSSL_NO_FP_API
 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                           char *kstr, int klen,
                           pem_password_cb *cb, void *u);
@ -511,7 +514,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
                              char *kstr, int klen, pem_password_cb *cd,
                              void *u);
-
+#endif
 EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
 int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
--- a/Cryptlib/Include/openssl/srp.h
+++ b/Cryptlib/Include/openssl/srp.h
@ -82,16 +82,21 @@ typedef struct SRP_gN_cache_st {
 DECLARE_STACK_OF(SRP_gN_cache)
 typedef struct SRP_user_pwd_st {
    /* Owned by us. */
    char *id;
    BIGNUM *s;
    BIGNUM *v;
    /* Not owned by us. */
    const BIGNUM *g;
    const BIGNUM *N;
    /* Owned by us. */
    char *info;
 } SRP_user_pwd;
 DECLARE_STACK_OF(SRP_user_pwd)
 void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
 typedef struct SRP_VBASE_st {
    STACK_OF(SRP_user_pwd) *users_pwd;
    STACK_OF(SRP_gN_cache) *gN_cache;
@ -114,8 +119,14 @@ DECLARE_STACK_OF(SRP_gN)
 SRP_VBASE *SRP_VBASE_new(char *seed_key);
 int SRP_VBASE_free(SRP_VBASE *vb);
 #ifndef OPENSSL_NO_STDIO
 int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
 #endif
 /* This method ignores the configured seed and fails for an unknown user. */
 SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username);
 /* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
 SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
 char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                          char **verifier, const char *N, const char *g);
 int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
--- a/Cryptlib/Include/openssl/ssl.h
+++ b/Cryptlib/Include/openssl/ssl.h
@ -625,7 +625,7 @@ struct ssl_session_st {
 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000L
 /* If set, always create a new key when using tmp_ecdh parameters */
 # define SSL_OP_SINGLE_ECDH_USE                          0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
+/* Does nothing: retained for compatibility */
 # define SSL_OP_SINGLE_DH_USE                            0x00100000L
 /* Does nothing: retained for compatibiity */
 # define SSL_OP_EPHEMERAL_RSA                            0x0
@ -2092,7 +2092,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTX_set1_sigalgs_list(ctx, s) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
 # define SSL_set1_sigalgs(ctx, slist, slistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
 # define SSL_set1_sigalgs_list(ctx, s) \
        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
 # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
@ -3056,6 +3056,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_SERVERHELLO_TLSEXT                         275
 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
 # define SSL_R_SHORT_READ                                 219
 # define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
 # define SSL_R_SRP_A_CALC                                 361
--- a/Cryptlib/Include/openssl/ts.h
+++ b/Cryptlib/Include/openssl/ts.h
@ -281,8 +281,10 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
 TS_REQ *TS_REQ_dup(TS_REQ *a);
 #ifndef OPENSSL_NO_FP_API
 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
 #endif
 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
@ -294,10 +296,12 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
 #ifndef OPENSSL_NO_FP_API
 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
-TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
+#endif
-int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
 int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
 TS_RESP *TS_RESP_new(void);
 void TS_RESP_free(TS_RESP *a);
@ -306,10 +310,12 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
 TS_RESP *TS_RESP_dup(TS_RESP *a);
 #ifndef OPENSSL_NO_FP_API
 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
-TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
+#endif
-int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
 int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
@ -325,10 +331,12 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
                             long length);
 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
 #ifndef OPENSSL_NO_FP_API
 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
-TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
+#endif
-int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
 int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
 TS_ACCURACY *TS_ACCURACY_new(void);
 void TS_ACCURACY_free(TS_ACCURACY *a);
@ -728,15 +736,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
 * ts/ts_conf.c
 */
 #ifndef OPENSSL_NO_STDIO
 X509 *TS_CONF_load_cert(const char *file);
 STACK_OF(X509) *TS_CONF_load_certs(const char *file);
 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
 #endif
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                       TS_RESP_CTX *ctx);
 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                              const char *device);
 int TS_CONF_set_default_engine(const char *name);
 #ifndef OPENSSL_NO_STDIO
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                            const char *cert, TS_RESP_CTX *ctx);
 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
@ -744,6 +755,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
 int TS_CONF_set_signer_key(CONF *conf, const char *section,
                           const char *key, const char *pass,
                           TS_RESP_CTX *ctx);
 #endif
 int TS_CONF_set_def_policy(CONF *conf, const char *section,
                           const char *policy, TS_RESP_CTX *ctx);
 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
@ -784,6 +796,11 @@ void ERR_load_TS_strings(void);
 # define TS_F_TS_CHECK_SIGNING_CERTS                      103
 # define TS_F_TS_CHECK_STATUS_INFO                        104
 # define TS_F_TS_COMPUTE_IMPRINT                          145
 # define TS_F_TS_CONF_INVALID                             151
 # define TS_F_TS_CONF_LOAD_CERT                           153
 # define TS_F_TS_CONF_LOAD_CERTS                          154
 # define TS_F_TS_CONF_LOAD_KEY                            155
 # define TS_F_TS_CONF_LOOKUP_FAIL                         152
 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
 # define TS_F_TS_GET_STATUS_TEXT                          105
 # define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
@ -822,6 +839,8 @@ void ERR_load_TS_strings(void);
 /* Reason codes. */
 # define TS_R_BAD_PKCS7_TYPE                              132
 # define TS_R_BAD_TYPE                                    133
 # define TS_R_CANNOT_LOAD_CERT                            137
 # define TS_R_CANNOT_LOAD_KEY                             138
 # define TS_R_CERTIFICATE_VERIFY_ERROR                    100
 # define TS_R_COULD_NOT_SET_ENGINE                        127
 # define TS_R_COULD_NOT_SET_TIME                          115
@ -854,6 +873,8 @@ void ERR_load_TS_strings(void);
 # define TS_R_UNACCEPTABLE_POLICY                         125
 # define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
 # define TS_R_UNSUPPORTED_VERSION                         113
 # define TS_R_VAR_BAD_VALUE                               135
 # define TS_R_VAR_LOOKUP_FAILURE                          136
 # define TS_R_WRONG_CONTENT_TYPE                          114
 #ifdef  __cplusplus
--- a/Cryptlib/Include/openssl/ui.h
+++ b/Cryptlib/Include/openssl/ui.h
@ -1,4 +1,4 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/ui/ui.h */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/Cryptlib/Include/openssl/ui_compat.h
+++ b/Cryptlib/Include/openssl/ui_compat.h
@ -1,4 +1,4 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/ui/ui.h */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/Cryptlib/Include/openssl/x509_vfy.h
+++ b/Cryptlib/Include/openssl/x509_vfy.h
@ -313,7 +313,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
 # define         X509_V_OK                                       0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
+# define         X509_V_ERR_UNSPECIFIED                          1
 # define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
 # define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
@ -492,9 +492,10 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
+#ifndef OPENSSL_NO_STDIO
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
 #endif
 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
--- a/Cryptlib/Include/openssl/x509v3.h
+++ b/Cryptlib/Include/openssl/x509v3.h
@ -688,8 +688,9 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
                        int ml);
 int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
                     int indent);
 #ifndef OPENSSL_NO_FP_API
 int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
+#endif
 int X509V3_extensions_print(BIO *out, char *title,
                            STACK_OF(X509_EXTENSION) *exts,
                            unsigned long flag, int indent);
--- a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cbc.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_cfb.c */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_core.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_core.c */
 /**
 * rijndael-alg-fst.c
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ctr.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ecb.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ige.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_locl.h
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_locl.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes.h */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_misc.c */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/aes/aes_ofb.c */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
@ -104,6 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len)
    return 1;
 }
 #ifndef OPENSSL_NO_FP_API
 static int send_fp_chars(void *arg, const void *buf, int len)
 {
    if (!arg)
@ -112,6 +113,7 @@ static int send_fp_chars(void *arg, const void *buf, int len)
        return 0;
    return 1;
 }
 #endif
 typedef int char_io (void *arg, const void *buf, int len);
--- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
@ -193,7 +193,12 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
    OPENSSL_cleanse(pkey->private_key->data, rsalen);
    if (cb == NULL)
 #ifndef OPENSSL_NO_UI
        cb = EVP_read_pw_string;
 #else
        i = 1;
    else
 #endif
    i = cb((char *)buf, 256, "Enter Private Key password:", 1);
    if (i != 0) {
        ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
@ -264,7 +269,11 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
        goto err;
    }
    if (cb == NULL)
 #ifndef OPENSSL_NO_UI
        cb = EVP_read_pw_string;
 #else
        goto err;
 #endif
    if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
        goto err;
--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
@ -717,7 +717,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
    long plen;
    char cst, inf, free_cont = 0;
    const unsigned char *p;
-    BUF_MEM buf;
+    BUF_MEM buf = { 0, NULL, 0 };
    const unsigned char *cont = NULL;
    long len;
    if (!pval) {
@ -793,7 +793,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
        } else {
            len = p - cont + plen;
            p += plen;
            buf.data = NULL;
        }
    } else if (cst) {
        if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
@ -802,9 +801,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
            return 0;
        }
-        buf.length = 0;
+
-        buf.max = 0;
+        /* Free any returned 'buf' content */
-        buf.data = NULL;
+        free_cont = 1;
        /*
         * Should really check the internal tags are correct but some things
         * may get this wrong. The relevant specs say that constructed string
@ -812,18 +811,16 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
         * So instead just check for UNIVERSAL class and ignore the tag.
         */
        if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
            free_cont = 1;
            goto err;
        }
        len = buf.length;
        /* Append a final null to string */
        if (!BUF_MEM_grow_clean(&buf, len + 1)) {
            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-            return 0;
+            goto err;
        }
        buf.data[len] = 0;
        cont = (const unsigned char *)buf.data;
        free_cont = 1;
    } else {
        cont = p;
        len = plen;
@ -831,6 +828,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
    }
    /* We now have content length and type: translate into a structure */
    /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
    if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
        goto err;
--- a/Cryptlib/OpenSSL/crypto/bio/b_print.c
+++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c
@ -125,18 +125,18 @@
 # define LLONG long
 #endif
-static void fmtstr(char **, char **, size_t *, size_t *,
+static int fmtstr(char **, char **, size_t *, size_t *,
-                   const char *, int, int, int);
+                  const char *, int, int, int);
-static void fmtint(char **, char **, size_t *, size_t *,
+static int fmtint(char **, char **, size_t *, size_t *,
-                   LLONG, int, int, int, int);
+                  LLONG, int, int, int, int);
 #ifndef OPENSSL_SYS_UEFI
-static void fmtfp(char **, char **, size_t *, size_t *,
+static int fmtfp(char **, char **, size_t *, size_t *,
-                  LDOUBLE, int, int, int);
+                 LDOUBLE, int, int, int);
 #endif
-static void doapr_outch(char **, char **, size_t *, size_t *, int);
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
+static int _dopr(char **sbuffer, char **buffer,
-                  size_t *maxlen, size_t *retlen, int *truncated,
+                 size_t *maxlen, size_t *retlen, int *truncated,
-                  const char *format, va_list args);
+                 const char *format, va_list args);
 /* format read states */
 #define DP_S_DEFAULT    0
@ -167,7 +167,7 @@ static void _dopr(char **sbuffer, char **buffer,
 #define char_to_int(p) (p - '0')
 #define OSSL_MAX(p,q) ((p >= q) ? p : q)
-static void
+static int
 _dopr(char **sbuffer,
      char **buffer,
      size_t *maxlen,
@ -200,7 +200,8 @@ _dopr(char **sbuffer,
            if (ch == '%')
                state = DP_S_FLAGS;
            else
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                    return 0;
            ch = *format++;
            break;
        case DP_S_FLAGS:
@ -308,8 +309,9 @@ _dopr(char **sbuffer,
                    value = va_arg(args, int);
                    break;
                }
-                fmtint(sbuffer, buffer, &currlen, maxlen,
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
-                       value, 10, min, max, flags);
+                            max, flags))
                    return 0;
                break;
            case 'X':
                flags |= DP_F_UP;
@ -332,9 +334,10 @@ _dopr(char **sbuffer,
                    value = (LLONG) va_arg(args, unsigned int);
                    break;
                }
-                fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
-                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
-                       min, max, flags);
+                            min, max, flags))
                    return 0;
                break;
 #ifndef OPENSSL_SYS_UEFI
            case 'f':
@ -342,8 +345,9 @@ _dopr(char **sbuffer,
                    fvalue = va_arg(args, LDOUBLE);
                else
                    fvalue = va_arg(args, double);
-                fmtfp(sbuffer, buffer, &currlen, maxlen,
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
-                      fvalue, min, max, flags);
+                           flags))
                    return 0;
                break;
            case 'E':
                flags |= DP_F_UP;
@ -363,8 +367,9 @@ _dopr(char **sbuffer,
                break;
 #endif
            case 'c':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen,
-                            va_arg(args, int));
+                            va_arg(args, int)))
                    return 0;
                break;
            case 's':
                strvalue = va_arg(args, char *);
@ -374,13 +379,15 @@ _dopr(char **sbuffer,
                    else
                        max = *maxlen;
                }
-                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
-                       flags, min, max);
+                            flags, min, max))
                    return 0;
                break;
            case 'p':
                value = (long)va_arg(args, void *);
-                fmtint(sbuffer, buffer, &currlen, maxlen,
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
-                       value, 16, min, max, flags | DP_F_NUM);
+                            value, 16, min, max, flags | DP_F_NUM))
                    return 0;
                break;
            case 'n':          /* XXX */
                if (cflags == DP_C_SHORT) {
@ -402,7 +409,8 @@ _dopr(char **sbuffer,
                }
                break;
            case '%':
-                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+                if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
                    return 0;
                break;
            case 'w':
                /* not supported yet, treat as next char */
@ -426,46 +434,56 @@ _dopr(char **sbuffer,
    *truncated = (currlen > *maxlen - 1);
    if (*truncated)
        currlen = *maxlen - 1;
-    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+    if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
        return 0;
    *retlen = currlen - 1;
-    return;
+    return 1;
 }
-static void
+static int
 fmtstr(char **sbuffer,
       char **buffer,
       size_t *currlen,
       size_t *maxlen, const char *value, int flags, int min, int max)
 {
-    int padlen, strln;
+    int padlen;
    size_t strln;
    int cnt = 0;
    if (value == 0)
        value = "<NULL>";
-    for (strln = 0; value[strln]; ++strln) ;
+
    strln = strlen(value);
    if (strln > INT_MAX)
        strln = INT_MAX;
    padlen = min - strln;
-    if (padlen < 0)
+    if (min < 0 || padlen < 0)
        padlen = 0;
    if (flags & DP_F_MINUS)
        padlen = -padlen;
    while ((padlen > 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        --padlen;
        ++cnt;
    }
    while (*value && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
            return 0;
        ++cnt;
    }
    while ((padlen < 0) && (cnt < max)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        ++padlen;
        ++cnt;
    }
    return 1;
 }
-static void
+static int
 fmtint(char **sbuffer,
       char **buffer,
       size_t *currlen,
@ -525,37 +543,44 @@ fmtint(char **sbuffer,
    /* spaces */
    while (spadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        --spadlen;
    }
    /* sign */
    if (signvalue)
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
            return 0;
    /* prefix */
    while (*prefix) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+        if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
            return 0;
        prefix++;
    }
    /* zeros */
    if (zpadlen > 0) {
        while (zpadlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
                return 0;
            --zpadlen;
        }
    }
    /* digits */
-    while (place > 0)
+    while (place > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
            return 0;
    }
    /* left justified spaces */
    while (spadlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        ++spadlen;
    }
-    return;
+    return 1;
 }
 #ifndef OPENSSL_SYS_UEFI
@ -587,7 +612,7 @@ static long roundv(LDOUBLE value)
    return intpart;
 }
-static void
+static int
 fmtfp(char **sbuffer,
      char **buffer,
      size_t *currlen,
@ -666,48 +691,62 @@ fmtfp(char **sbuffer,
    if ((flags & DP_F_ZERO) && (padlen > 0)) {
        if (signvalue) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
                return 0;
            --padlen;
            signvalue = 0;
        }
        while (padlen > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
                return 0;
            --padlen;
        }
    }
    while (padlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        --padlen;
    }
-    if (signvalue)
+    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
-        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+        return 0;
-    while (iplace > 0)
+    while (iplace > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
            return 0;
    }
    /*
     * Decimal point. This should probably use locale to find the correct
     * char to print out.
     */
    if (max > 0 || (flags & DP_F_NUM)) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
            return 0;
-        while (fplace > 0)
+        while (fplace > 0) {
-            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
+            if(!doapr_outch(sbuffer, buffer, currlen, maxlen,
                            fconvert[--fplace]))
                return 0;
        }
    }
    while (zpadlen > 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
            return 0;
        --zpadlen;
    }
    while (padlen < 0) {
-        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
            return 0;
        ++padlen;
    }
    return 1;
 }
 #endif
-static void
+#define BUFFER_INC  1024
 static int
 doapr_outch(char **sbuffer,
            char **buffer, size_t *currlen, size_t *maxlen, int c)
 {
@ -718,24 +757,25 @@ doapr_outch(char **sbuffer,
    assert(*currlen <= *maxlen);
    if (buffer && *currlen == *maxlen) {
-        *maxlen += 1024;
+        if (*maxlen > INT_MAX - BUFFER_INC)
            return 0;
        *maxlen += BUFFER_INC;
        if (*buffer == NULL) {
            *buffer = OPENSSL_malloc(*maxlen);
-            if (!*buffer) {
+            if (*buffer == NULL)
-                /* Panic! Can't really do anything sensible. Just return */
+                return 0;
                return;
            }
            if (*currlen > 0) {
                assert(*sbuffer != NULL);
                memcpy(*buffer, *sbuffer, *currlen);
            }
            *sbuffer = NULL;
        } else {
-            *buffer = OPENSSL_realloc(*buffer, *maxlen);
+            char *tmpbuf;
-            if (!*buffer) {
+            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
-                /* Panic! Can't really do anything sensible. Just return */
+            if (tmpbuf == NULL)
-                return;
+                return 0;
-            }
+            *buffer = tmpbuf;
        }
    }
@ -746,7 +786,7 @@ doapr_outch(char **sbuffer,
            (*buffer)[(*currlen)++] = (char)c;
    }
-    return;
+    return 1;
 }
 /***************************************************************************/
@ -778,7 +818,11 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args)
    dynbuf = NULL;
    CRYPTO_push_info("doapr()");
-    _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
+    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
                args)) {
        OPENSSL_free(dynbuf);
        return -1;
    }
    if (dynbuf) {
        ret = BIO_write(bio, dynbuf, (int)retlen);
        OPENSSL_free(dynbuf);
@ -813,7 +857,8 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
    size_t retlen;
    int truncated;
-    _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+    if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
        return -1;
    if (truncated)
        /*
--- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
@ -1,4 +1,4 @@
-/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/bio/bss_bio.c  */
 /* ====================================================================
 * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/bio/bss_conn.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c
@ -419,7 +419,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 {
    BIO *dbio;
    int *ip;
-    const char **pptr;
+    const char **pptr = NULL;
    long ret = 1;
    BIO_CONNECT *data;
@ -442,19 +442,28 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
    case BIO_C_GET_CONNECT:
        if (ptr != NULL) {
            pptr = (const char **)ptr;
-            if (num == 0) {
+        }
                *pptr = data->param_hostname;
-            } else if (num == 1) {
+        if (b->init) {
-                *pptr = data->param_port;
+            if (pptr != NULL) {
-            } else if (num == 2) {
+                ret = 1;
-                *pptr = (char *)&(data->ip[0]);
+                if (num == 0) {
-            } else if (num == 3) {
+                    *pptr = data->param_hostname;
-                *((int *)ptr) = data->port;
+                } else if (num == 1) {
                    *pptr = data->param_port;
                } else if (num == 2) {
                    *pptr = (char *)&(data->ip[0]);
                } else {
                    ret = 0;
                }
            }
-            if ((!b->init) || (ptr == NULL))
+            if (num == 3) {
                ret = data->port;
            }
        } else {
            if (pptr != NULL)
                *pptr = "not initialized";
-            ret = 1;
+            ret = 0;
        }
        break;
    case BIO_C_SET_CONNECT:
--- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
@ -519,10 +519,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
    switch (cmd) {
    case BIO_CTRL_RESET:
        num = 0;
    case BIO_C_FILE_SEEK:
        ret = 0;
        break;
    case BIO_C_FILE_TELL:
    case BIO_CTRL_INFO:
        ret = 0;
        break;
--- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c
@ -467,23 +467,6 @@ static int MS_CALLBACK file_puts(BIO *bp, const char *str)
    return (ret);
 }
 # else
 BIO_METHOD *BIO_s_file(void)
 {
    return NULL;
 }
 BIO *BIO_new_file(const char *filename, const char *mode)
 {
    return NULL;
 }
 BIO *BIO_new_fp(FILE *stream, int close_flag)
 {
    return NULL;
 }
 # endif                         /* OPENSSL_NO_STDIO */
 #endif                          /* HEADER_BSS_FILE_C */
--- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c
@ -91,7 +91,8 @@ BIO_METHOD *BIO_s_mem(void)
    return (&mem_method);
 }
-BIO *BIO_new_mem_buf(void *buf, int len)
+
 BIO *BIO_new_mem_buf(const void *buf, int len)
 {
    BIO *ret;
    BUF_MEM *b;
@ -105,7 +106,8 @@ BIO *BIO_new_mem_buf(void *buf, int len)
    if (!(ret = BIO_new(BIO_s_mem())))
        return NULL;
    b = (BUF_MEM *)ret->ptr;
-    b->data = buf;
+    /* Cast away const and trust in the MEM_RDONLY flag. */
    b->data = (void *)buf;
    b->length = sz;
    b->max = sz;
    ret->flags |= BIO_FLAGS_MEM_RDONLY;
--- a/Cryptlib/OpenSSL/crypto/bn/bn.h
+++ b/Cryptlib/OpenSSL/crypto/bn/bn.h
@ -125,6 +125,7 @@
 #ifndef HEADER_BN_H
 # define HEADER_BN_H
 # include <limits.h>
 # include <openssl/e_os2.h>
 # ifndef OPENSSL_NO_FP_API
 #  include <stdio.h>            /* FILE */
@ -721,8 +722,17 @@ const BIGNUM *BN_get0_nist_prime_521(void);
 /* library internal functions */
-# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+# define bn_expand(a,bits) \
-        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+    ( \
        bits > (INT_MAX - BN_BITS2 + 1) ? \
            NULL \
        : \
            (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \
                (a) \
            : \
                bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \
    )
 # define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
 # ifndef OPENSSL_NO_DEPRECATED
--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
@ -110,6 +110,7 @@
 */
 #include "cryptlib.h"
 #include "constant_time_locl.h"
 #include "bn_lcl.h"
 #include <stdlib.h>
@ -282,9 +283,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
    if (bits == 0) {
-        ret = BN_one(r);
+        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(r);
        } else {
            ret = BN_one(r);
        }
        return ret;
    }
@ -418,7 +424,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
    if (bits == 0) {
-        ret = BN_one(rr);
+        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
        } else {
            ret = BN_one(rr);
        }
        return ret;
    }
@ -595,15 +607,17 @@ static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
 static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
                                        unsigned char *buf, int idx,
-                                        int width)
+                                        int window)
 {
-    size_t i, j;
+    int i, j;
    int width = 1 << window;
    BN_ULONG *table = (BN_ULONG *)buf;
    if (top > b->top)
        top = b->top;           /* this works because 'buf' is explicitly
                                 * zeroed */
-    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+    for (i = 0, j = idx; i < top; i++, j += width) {
-        buf[j] = ((unsigned char *)b->d)[i];
+        table[j] = b->d[i];
    }
    return 1;
@ -611,15 +625,51 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
 static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
                                          unsigned char *buf, int idx,
-                                          int width)
+                                          int window)
 {
-    size_t i, j;
+    int i, j;
    int width = 1 << window;
    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
    if (bn_wexpand(b, top) == NULL)
        return 0;
-    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+    if (window <= 3) {
-        ((unsigned char *)b->d)[i] = buf[j];
+        for (i = 0; i < top; i++, table += width) {
            BN_ULONG acc = 0;
            for (j = 0; j < width; j++) {
                acc |= table[j] &
                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
            }
            b->d[i] = acc;
        }
    } else {
        int xstride = 1 << (window - 2);
        BN_ULONG y0, y1, y2, y3;
        i = idx >> (window - 2);        /* equivalent of idx / xstride */
        idx &= xstride - 1;             /* equivalent of idx % xstride */
        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
        for (i = 0; i < top; i++, table += width) {
            BN_ULONG acc = 0;
            for (j = 0; j < xstride; j++) {
                acc |= ( (table[j + 0 * xstride] & y0) |
                         (table[j + 1 * xstride] & y1) |
                         (table[j + 2 * xstride] & y2) |
                         (table[j + 3 * xstride] & y3) )
                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
            }
            b->d[i] = acc;
        }
    }
    b->top = top;
@ -639,7 +689,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
 * precomputation memory layout to limit data-dependency to a minimum to
 * protect secret exponents (cf. the hyper-threading timing attacks pointed
 * out by Colin Percival,
- * http://www.daemong-consideredperthreading-considered-harmful/)
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
 */
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                              const BIGNUM *m, BN_CTX *ctx,
@ -671,7 +721,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    bits = BN_num_bits(p);
    if (bits == 0) {
-        ret = BN_one(rr);
+        /* x**0 mod 1 is still zero. */
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
        } else {
            ret = BN_one(rr);
        }
        return ret;
    }
@ -732,8 +788,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    if (window >= 5) {
        window = 5;             /* ~5% improvement for RSA2048 sign, and even
                                 * for RSA4096 */
-        if ((top & 7) == 0)
+        /* reserve space for mont->N.d[] copy */
-            powerbufLen += 2 * top * sizeof(m->d[0]);
+        powerbufLen += top * sizeof(mont->N.d[0]);
    }
 #endif
    (void)0;
@ -954,7 +1010,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                               const BN_ULONG *not_used, const BN_ULONG *np,
                               const BN_ULONG *n0, int num);
-        BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2;
+        BN_ULONG *n0 = mont->n0, *np;
        /*
         * BN_to_montgomery can contaminate words above .top [in
@ -965,11 +1021,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        for (i = tmp.top; i < top; i++)
            tmp.d[i] = 0;
-        if (top & 7)
+        /*
-            np2 = np;
+         * copy mont->N.d[] to improve cache locality
-        else
+         */
-            for (np2 = am.d + top, i = 0; i < top; i++)
+        for (np = am.d + top, i = 0; i < top; i++)
-                np2[2 * i] = np[i];
+            np[i] = mont->N.d[i];
        bn_scatter5(tmp.d, top, powerbuf, 0);
        bn_scatter5(am.d, am.top, powerbuf, 1);
@ -979,7 +1035,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 # if 0
        for (i = 3; i < 32; i++) {
            /* Calculate a^i = a^(i-1) * a */
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
            bn_scatter5(tmp.d, top, powerbuf, i);
        }
 # else
@ -990,7 +1046,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        }
        for (i = 3; i < 8; i += 2) {
            int j;
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
            bn_scatter5(tmp.d, top, powerbuf, i);
            for (j = 2 * i; j < 32; j *= 2) {
                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
@ -998,13 +1054,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
            }
        }
        for (; i < 16; i += 2) {
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
            bn_scatter5(tmp.d, top, powerbuf, i);
            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
            bn_scatter5(tmp.d, top, powerbuf, 2 * i);
        }
        for (; i < 32; i += 2) {
-            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np2, n0, top, i - 1);
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
            bn_scatter5(tmp.d, top, powerbuf, i);
        }
 # endif
@ -1033,11 +1089,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
            while (bits >= 0) {
                wvalue = bn_get_bits5(p->d, bits - 4);
                bits -= 5;
-                bn_power5(tmp.d, tmp.d, powerbuf, np2, n0, top, wvalue);
+                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue);
            }
        }
-        ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np2, n0, top);
+        ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
        tmp.top = top;
        bn_correct_top(&tmp);
        if (ret) {
@ -1048,9 +1104,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    } else
 #endif
    {
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers))
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
            goto err;
-        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, numPowers))
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
            goto err;
        /*
@ -1062,15 +1118,15 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        if (window > 1) {
            if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx))
                goto err;
-            if (!MOD_EXP_CTIME_COPY_TO_PREBUF
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
-                (&tmp, top, powerbuf, 2, numPowers))
+                                              window))
                goto err;
            for (i = 3; i < numPowers; i++) {
                /* Calculate a^i = a^(i-1) * a */
                if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx))
                    goto err;
-                if (!MOD_EXP_CTIME_COPY_TO_PREBUF
+                if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
-                    (&tmp, top, powerbuf, i, numPowers))
+                                                  window))
                    goto err;
            }
        }
@ -1078,8 +1134,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        bits--;
        for (wvalue = 0, i = bits % window; i >= 0; i--, bits--)
            wvalue = (wvalue << 1) + BN_is_bit_set(p, bits);
-        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
-            (&tmp, top, powerbuf, wvalue, numPowers))
+                                            window))
            goto err;
        /*
@ -1099,8 +1155,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
            /*
             * Fetch the appropriate pre-computed value from the pre-buf
             */
-            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
+            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
-                (&am, top, powerbuf, wvalue, numPowers))
+                                                window))
                goto err;
            /* Multiply the result into the intermediate result */
@ -1182,8 +1238,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(rr);
-        } else
+        } else {
            ret = BN_one(rr);
        }
        return ret;
    }
    if (a == 0) {
@ -1297,9 +1354,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    }
    bits = BN_num_bits(p);
-
+   if (bits == 0) {
-    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
-        ret = BN_one(r);
+        if (BN_is_one(m)) {
            ret = 1;
            BN_zero(r);
        } else {
            ret = BN_one(r);
        }
        return ret;
    }
--- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c
@ -131,7 +131,7 @@
 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
                   BN_MONT_CTX *mont);
-static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
                             const BIGNUM *add, const BIGNUM *rem,
                             BN_CTX *ctx);
@ -166,9 +166,13 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
    BIGNUM *t;
    int found = 0;
    int i, j, c1 = 0;
-    BN_CTX *ctx;
+    BN_CTX *ctx = NULL;
    prime_t *mods = NULL;
    int checks = BN_prime_checks_for_size(bits);
    mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES);
    if (mods == NULL)
 	    goto err;
    ctx = BN_CTX_new();
    if (ctx == NULL)
        goto err;
@ -179,7 +183,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
 loop:
    /* make a random number and set the top and bottom bits */
    if (add == NULL) {
-        if (!probable_prime(ret, bits))
+        if (!probable_prime(ret, bits, mods))
            goto err;
    } else {
        if (safe) {
@ -230,6 +234,7 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
    /* we have a prime :-) */
    found = 1;
 err:
    OPENSSL_free(mods);
    if (ctx != NULL) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
@ -375,10 +380,9 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
    return 1;
 }
-static int probable_prime(BIGNUM *rnd, int bits)
+static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods)
 {
    int i;
    prime_t mods[NUMPRIMES];
    BN_ULONG delta, maxdelta;
 again:
--- a/Cryptlib/OpenSSL/crypto/bn/bn_print.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_print.c
@ -58,6 +58,7 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
@ -189,7 +190,11 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
        a++;
    }
-    for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
+    for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++)
        continue;
    if (i > INT_MAX/4)
        goto err;
    num = i + neg;
    if (bn == NULL)
@ -204,7 +209,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
        BN_zero(ret);
    }
-    /* i is the number of hex digests; */
+    /* i is the number of hex digits */
    if (bn_expand(ret, i * 4) == NULL)
        goto err;
@ -260,7 +265,11 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
        a++;
    }
-    for (i = 0; isdigit((unsigned char)a[i]); i++) ;
+    for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++)
        continue;
    if (i > INT_MAX/4)
        goto err;
    num = i + neg;
    if (bn == NULL)
@ -278,7 +287,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
        BN_zero(ret);
    }
-    /* i is the number of digests, a bit of an over expand; */
+    /* i is the number of digits, a bit of an over expand */
    if (bn_expand(ret, i * 4) == NULL)
        goto err;
--- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c
@ -65,6 +65,7 @@ void BN_RECP_CTX_init(BN_RECP_CTX *recp)
    BN_init(&(recp->N));
    BN_init(&(recp->Nr));
    recp->num_bits = 0;
    recp->shift = 0;
    recp->flags = 0;
 }
--- a/Cryptlib/OpenSSL/crypto/cmac/cmac.c
+++ b/Cryptlib/OpenSSL/crypto/cmac/cmac.c
@ -160,6 +160,14 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
            EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS);
            return 0;
        }
        /* Switch to FIPS cipher implementation if possible */
        if (cipher != NULL) {
            const EVP_CIPHER *fcipher;
            fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher));
            if (fcipher != NULL)
                cipher = fcipher;
        }
        /*
         * Other algorithm blocking will be done in FIPS_cmac_init, via
         * FIPS_cipherinit().
--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c
@ -182,6 +182,10 @@ static int def_destroy_data(CONF *conf)
 static int def_load(CONF *conf, const char *name, long *line)
 {
 #ifdef OPENSSL_NO_STDIO
    CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
    return 0;
 #else
    int ret;
    BIO *in = NULL;
@ -202,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line)
    BIO_free(in);
    return ret;
 #endif
 }
 static int def_load_bio(CONF *conf, BIO *in, long *line)
--- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
@ -90,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth)
    return 1;
 }
 #ifndef OPENSSL_NO_STDIO
 LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
                                long *eline)
 {
@ -111,6 +112,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
    return ltmp;
 }
 #endif
 #ifndef OPENSSL_NO_FP_API
 LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
@ -255,6 +257,7 @@ void NCONF_free_data(CONF *conf)
    conf->meth->destroy_data(conf);
 }
 #ifndef OPENSSL_NO_STDIO
 int NCONF_load(CONF *conf, const char *file, long *eline)
 {
    if (conf == NULL) {
@ -264,6 +267,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline)
    return conf->meth->load(conf, file, eline);
 }
 #endif
 #ifndef OPENSSL_NO_FP_API
 int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
--- a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c
@ -159,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 }
 #ifndef OPENSSL_NO_STDIO
 int CONF_modules_load_file(const char *filename, const char *appname,
                           unsigned long flags)
 {
@ -194,6 +195,7 @@ int CONF_modules_load_file(const char *filename, const char *appname,
    return ret;
 }
 #endif
 static int module_run(const CONF *cnf, char *name, char *value,
                      unsigned long flags)
--- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c
@ -87,9 +87,11 @@ void OPENSSL_config(const char *config_name)
    ENGINE_load_builtin_engines();
 #endif
    ERR_clear_error();
 #ifndef OPENSSL_NO_STDIO
    CONF_modules_load_file(NULL, config_name,
                               CONF_MFLAGS_DEFAULT_SECTION |
                               CONF_MFLAGS_IGNORE_MISSING_FILE);
 #endif
    openssl_configured = 1;
 }
--- a/Cryptlib/OpenSSL/crypto/cryptlib.c
+++ b/Cryptlib/OpenSSL/crypto/cryptlib.c
@ -263,7 +263,7 @@ int CRYPTO_get_new_dynlockid(void)
        return (0);
    }
    pointer->references = 1;
-    pointer->data = dynlock_create_callback(__FILE__, __LINE__);
+    pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE);
    if (pointer->data == NULL) {
        OPENSSL_free(pointer);
        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
@ -289,7 +289,7 @@ int CRYPTO_get_new_dynlockid(void)
    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
    if (i == -1) {
-        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+        dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
        OPENSSL_free(pointer);
    } else
        i += 1;                 /* to avoid 0 */
@ -328,7 +328,7 @@ void CRYPTO_destroy_dynlockid(int i)
    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
    if (pointer) {
-        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+        dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE);
        OPENSSL_free(pointer);
    }
 }
@ -670,6 +670,7 @@ unsigned long *OPENSSL_ia32cap_loc(void)
 }
 # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
 #include <stdio.h>
 #  define OPENSSL_CPUID_SETUP
 #  if defined(_WIN32)
 typedef unsigned __int64 IA32CAP;
@ -980,11 +981,13 @@ void OPENSSL_showfatal(const char *fmta, ...)
 #else
 void OPENSSL_showfatal(const char *fmta, ...)
 {
 #ifndef OPENSSL_NO_STDIO
    va_list ap;
    va_start(ap, fmta);
    vfprintf(stderr, fmta, ap);
    va_end(ap);
 #endif
 }
 int OPENSSL_isservice(void)
@ -1011,16 +1014,18 @@ void OpenSSLDie(const char *file, int line, const char *assertion)
 #endif
 }
 #ifndef OPENSSL_NO_STDIO
 void *OPENSSL_stderr(void)
 {
    return stderr;
 }
 #endif
-int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len)
 {
    size_t i;
-    const unsigned char *a = in_a;
+    const volatile unsigned char *a = in_a;
-    const unsigned char *b = in_b;
+    const volatile unsigned char *b = in_b;
    unsigned char x = 0;
    for (i = 0; i < len; i++)
--- a/Cryptlib/OpenSSL/crypto/cryptlib.h
+++ b/Cryptlib/OpenSSL/crypto/cryptlib.h
@ -101,7 +101,9 @@ extern "C" {
 void OPENSSL_cpuid_setup(void);
 extern unsigned int OPENSSL_ia32cap_P[];
 void OPENSSL_showfatal(const char *fmta, ...);
 #ifndef OPENSSL_NO_STDIO
 void *OPENSSL_stderr(void);
 #endif
 extern int OPENSSL_NONPIC_relocated;
 #ifdef  __cplusplus
--- a/Cryptlib/OpenSSL/crypto/des/des_old.c
+++ b/Cryptlib/OpenSSL/crypto/des/des_old.c
@ -1,4 +1,4 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.c */
 /*-
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
--- a/Cryptlib/OpenSSL/crypto/des/des_old2.c
+++ b/Cryptlib/OpenSSL/crypto/des/des_old2.c
@ -1,4 +1,4 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/des/des_old.c */
 /*
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
--- a/Cryptlib/OpenSSL/crypto/des/read2pwd.c
+++ b/Cryptlib/OpenSSL/crypto/des/read2pwd.c
@ -114,6 +114,10 @@
 #include <openssl/ui.h>
 #include <openssl/crypto.h>
 #ifndef BUFSIZ
 #define BUFSIZ 256
 #endif
 int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 {
    int ok;
--- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
@ -151,23 +151,37 @@ int DH_check(const DH *dh, int *ret)
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
 {
    int ok = 0;
-    BIGNUM *q = NULL;
+    BIGNUM *tmp = NULL;
    BN_CTX *ctx = NULL;
    *ret = 0;
-    q = BN_new();
+    ctx = BN_CTX_new();
-    if (q == NULL)
+    if (ctx == NULL)
        goto err;
-    BN_set_word(q, 1);
+    BN_CTX_start(ctx);
-    if (BN_cmp(pub_key, q) <= 0)
+    tmp = BN_CTX_get(ctx);
    if (tmp == NULL || !BN_set_word(tmp, 1))
        goto err;
    if (BN_cmp(pub_key, tmp) <= 0)
        *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
-    BN_copy(q, dh->p);
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
-    BN_sub_word(q, 1);
+        goto err;
-    if (BN_cmp(pub_key, q) >= 0)
+    if (BN_cmp(pub_key, tmp) >= 0)
        *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
    if (dh->q != NULL) {
        /* Check pub_key^q == 1 mod p */
        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
            goto err;
        if (!BN_is_one(tmp))
            *ret |= DH_CHECK_PUBKEY_INVALID;
    }
    ok = 1;
 err:
-    if (q != NULL)
+    if (ctx != NULL) {
-        BN_free(q);
+        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    return (ok);
 }
--- a/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c
@ -207,7 +207,11 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
    case EVP_PKEY_CTRL_DH_KDF_TYPE:
        if (p1 == -2)
            return dctx->kdf_type;
 #ifdef OPENSSL_NO_CMS
        if (p1 != EVP_PKEY_DH_KDF_NONE)
 #else
        if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
 #endif
            return -2;
        dctx->kdf_type = p1;
        return 1;
@ -448,10 +452,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
            return ret;
        *keylen = ret;
        return 1;
-    } else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+    }
-#ifdef OPENSSL_NO_CMS
+#ifndef OPENSSL_NO_CMS
-        return 0;
+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
-#else
+
        unsigned char *Z = NULL;
        size_t Zlen = 0;
        if (!dctx->kdf_outlen || !dctx->kdf_oid)
@ -481,9 +485,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
            OPENSSL_free(Z);
        }
        return ret;
 #endif
    }
-    return 1;
+#endif
    return 0;
 }
 const EVP_PKEY_METHOD dh_pkey_meth = {
--- a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c
@ -1,4 +1,4 @@
-/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_dl.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2000.
--- a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
@ -1,4 +1,4 @@
-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_dlfcn.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
@ -1,4 +1,4 @@
-/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_lib.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
@ -122,6 +122,7 @@ DSO *DSO_new_method(DSO_METHOD *meth)
        ret->meth = meth;
    ret->references = 1;
    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
        sk_void_free(ret->meth_data);
        OPENSSL_free(ret);
        ret = NULL;
    }
--- a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
@ -1,4 +1,4 @@
-/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_vms.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2000.
--- a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
@ -1,4 +1,4 @@
-/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_win32.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2000.
--- a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/evp/e_camellia.c */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/evp/e_des.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c
@ -71,12 +71,13 @@ typedef struct {
        DES_key_schedule ks;
    } ks;
    union {
-        void (*cbc) (const void *, void *, size_t, const void *, void *);
+        void (*cbc) (const void *, void *, size_t,
                     const DES_key_schedule *, unsigned char *);
    } stream;
 } EVP_DES_KEY;
 # if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
-/* ---------^^^ this is not a typo, just a way to detect that
+/* ----------^^^ this is not a typo, just a way to detect that
 * assembler support was in general requested... */
 #  include "sparc_arch.h"
@ -86,9 +87,9 @@ extern unsigned int OPENSSL_sparcv9cap_P[];
 void des_t4_key_expand(const void *key, DES_key_schedule *ks);
 void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
-                        DES_key_schedule *ks, unsigned char iv[8]);
+                        const DES_key_schedule *ks, unsigned char iv[8]);
 void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
-                        DES_key_schedule *ks, unsigned char iv[8]);
+                        const DES_key_schedule *ks, unsigned char iv[8]);
 # endif
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@ -130,7 +131,7 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 {
    EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data;
-    if (dat->stream.cbc) {
+    if (dat->stream.cbc != NULL) {
        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv);
        return 1;
    }
--- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c
@ -75,7 +75,8 @@ typedef struct {
        DES_key_schedule ks[3];
    } ks;
    union {
-        void (*cbc) (const void *, void *, size_t, const void *, void *);
+        void (*cbc) (const void *, void *, size_t,
                     const DES_key_schedule *, unsigned char *);
    } stream;
 } DES_EDE_KEY;
 # define ks1 ks.ks[0]
@ -93,9 +94,9 @@ extern unsigned int OPENSSL_sparcv9cap_P[];
 void des_t4_key_expand(const void *key, DES_key_schedule *ks);
 void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
-                             DES_key_schedule *ks, unsigned char iv[8]);
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
 void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
-                             DES_key_schedule *ks, unsigned char iv[8]);
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
 # endif
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@ -162,7 +163,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    }
 # endif                         /* KSSL_DEBUG */
    if (dat->stream.cbc) {
-        (*dat->stream.cbc) (in, out, inl, &dat->ks, ctx->iv);
+        (*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv);
        return 1;
    }
@ -395,7 +396,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
    int rv = -1;
    if (inl < 24)
        return -1;
-    if (!out)
+    if (out == NULL)
        return inl - 16;
    memcpy(ctx->iv, wrap_iv, 8);
    /* Decrypt first block which will end up as icv */
@ -438,7 +439,7 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
                         const unsigned char *in, size_t inl)
 {
    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
-    if (!out)
+    if (out == NULL)
        return inl + 16;
    /* Copy input to output buffer + 8 so we have space for IV */
    memmove(out + 8, in, inl);
--- a/Cryptlib/OpenSSL/crypto/evp/e_old.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/evp/e_old.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2004.
--- a/Cryptlib/OpenSSL/crypto/evp/e_seed.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_seed.c
@ -1,4 +1,4 @@
-/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/evp/e_seed.c */
 /* ====================================================================
 * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c
@ -63,6 +63,7 @@
 #include <openssl/evp.h>
 #include <openssl/ui.h>
 #ifndef OPENSSL_NO_UI
 /* should be init to zeros. */
 static char prompt_string[80];
@ -117,6 +118,7 @@ int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
    OPENSSL_cleanse(buff, BUFSIZ);
    return ret;
 }
 #endif /* OPENSSL_NO_UI */
 int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                   const unsigned char *salt, const unsigned char *data,
--- a/Cryptlib/OpenSSL/crypto/mem_clr.c
+++ b/Cryptlib/OpenSSL/crypto/mem_clr.c
@ -1,4 +1,4 @@
-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/mem_clr.c */
 /*
 * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
 * 2002.
--- a/Cryptlib/OpenSSL/crypto/modes/ctr128.c
+++ b/Cryptlib/OpenSSL/crypto/modes/ctr128.c
@ -67,23 +67,20 @@
 /* increment counter (128-bit int) by 1 */
 static void ctr128_inc(unsigned char *counter)
 {
-    u32 n = 16;
+    u32 n = 16, c = 1;
    u8 c;
    do {
        --n;
-        c = counter[n];
+        c += counter[n];
-        ++c;
+        counter[n] = (u8)c;
-        counter[n] = c;
+        c >>= 8;
        if (c)
            return;
    } while (n);
 }
 #if !defined(OPENSSL_SMALL_FOOTPRINT)
 static void ctr128_inc_aligned(unsigned char *counter)
 {
-    size_t *data, c, n;
+    size_t *data, c, d, n;
    const union {
        long one;
        char little;
@ -91,20 +88,19 @@ static void ctr128_inc_aligned(unsigned char *counter)
        1
    };
-    if (is_endian.little) {
+    if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
        ctr128_inc(counter);
        return;
    }
    data = (size_t *)counter;
    c = 1;
    n = 16 / sizeof(size_t);
    do {
        --n;
-        c = data[n];
+        d = data[n] += c;
-        ++c;
+        /* did addition carry? */
-        data[n] = c;
+        c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
        if (c)
            return;
    } while (n);
 }
 #endif
@ -144,14 +140,14 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
            }
 # if defined(STRICT_ALIGNMENT)
-            if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
+            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
-                0)
+                % sizeof(size_t) != 0)
                break;
 # endif
            while (len >= 16) {
                (*block) (ivec, ecount_buf, key);
                ctr128_inc_aligned(ivec);
-                for (; n < 16; n += sizeof(size_t))
+                for (n = 0; n < 16; n += sizeof(size_t))
                    *(size_t *)(out + n) =
                        *(size_t *)(in + n) ^ *(size_t *)(ecount_buf + n);
                len -= 16;
@ -189,16 +185,13 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 /* increment upper 96 bits of 128-bit counter by 1 */
 static void ctr96_inc(unsigned char *counter)
 {
-    u32 n = 12;
+    u32 n = 12, c = 1;
    u8 c;
    do {
        --n;
-        c = counter[n];
+        c += counter[n];
-        ++c;
+        counter[n] = (u8)c;
-        counter[n] = c;
+        c >>= 8;
        if (c)
            return;
    } while (n);
 }
--- a/Cryptlib/OpenSSL/crypto/o_dir.c
+++ b/Cryptlib/OpenSSL/crypto/o_dir.c
@ -1,4 +1,4 @@
-/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_dir.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2004.
--- a/Cryptlib/OpenSSL/crypto/o_dir.h
+++ b/Cryptlib/OpenSSL/crypto/o_dir.h
@ -1,4 +1,4 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_dir.h */
 /*
 * Copied from Richard Levitte's (richard@levitte.org) LP library.  All
 * symbol names have been changed, with permission from the author.
--- a/Cryptlib/OpenSSL/crypto/o_str.c
+++ b/Cryptlib/OpenSSL/crypto/o_str.c
@ -1,4 +1,4 @@
-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_str.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2003.
--- a/Cryptlib/OpenSSL/crypto/o_str.h
+++ b/Cryptlib/OpenSSL/crypto/o_str.h
@ -1,4 +1,4 @@
-/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_str.h */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2003.
--- a/Cryptlib/OpenSSL/crypto/o_time.c
+++ b/Cryptlib/OpenSSL/crypto/o_time.c
@ -1,4 +1,4 @@
-/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_time.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/Cryptlib/OpenSSL/crypto/o_time.h
+++ b/Cryptlib/OpenSSL/crypto/o_time.h
@ -1,4 +1,4 @@
-/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/o_time.h */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c
@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix);
 int PEM_def_callback(char *buf, int num, int w, void *key)
 {
-#ifdef OPENSSL_NO_FP_API
+#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI)
    /*
     * We should not ever call the default callback routine from windows.
     */
--- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
@ -69,10 +69,12 @@
 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
                      int nid, const EVP_CIPHER *enc,
                      char *kstr, int klen, pem_password_cb *cb, void *u);
 #ifndef OPENSSL_NO_FP_API
 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
                         int nid, const EVP_CIPHER *enc,
                         char *kstr, int klen, pem_password_cb *cb, void *u);
-
+#endif
 /*
 * These functions write a private key in PKCS#8 format: it is a "drop in"
 * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
@ -64,6 +64,9 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #define BUFFERSIZE 4096
 static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
@ -255,7 +258,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
    PKCS7_SIGNER_INFO *si;
    X509_STORE_CTX cert_ctx;
    char *buf = NULL;
    int bufsiz;
    int i, j = 0, k, ret = 0;
    BIO *p7bio = NULL;
    BIO *tmpin = NULL, *tmpout = NULL;
@ -275,6 +277,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
        return 0;
    }
 #if 0
    /*
     * NB: this test commented out because some versions of Netscape
     * illegally include zero length content when signing data. Also
     * Microsoft Authenticode includes a SpcIndirectDataContent data
     * structure which describes the content to be protected by the
     * signature, rather than directly embedding that content. So
     * Authenticode implementations are also expected to use
     * PKCS7_verify() with explicit external data, on non-detached
     * PKCS#7 signatures.
     *
     * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been
     * introduced to disable this sanity check. For the 1.0.2 branch
     * this change is not acceptable, so the check remains completely
     * commented out (as it has been for a long time).
     */
    /* Check for data and content: two sets of data */
    if (!PKCS7_get_detached(p7) && indata) {
        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
        return 0;
    }
 #endif
    sinfos = PKCS7_get_signer_info(p7);
@ -350,14 +375,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
    } else
        tmpout = out;
-    bufsiz = 4096;
+    /* We now have to 'read' from p7bio to calculate digests etc. */
-    buf = OPENSSL_malloc(bufsiz);
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
-    if (buf == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    /* We now have to 'read' from p7bio to calculate digests etc. */
    for (;;) {
-        i = BIO_read(p7bio, buf, bufsiz);
+        i = BIO_read(p7bio, buf, BUFFERSIZE);
        if (i <= 0)
            break;
        if (tmpout)
@ -388,16 +412,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
    ret = 1;
 err:
    OPENSSL_free(buf);
    if (tmpin == indata) {
        if (indata)
            BIO_pop(p7bio);
    }
    BIO_free_all(p7bio);
    sk_X509_free(signers);
    if (buf != NULL) {
      OPENSSL_free(buf);
    }
    return ret;
 }
@ -510,7 +531,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 {
    BIO *tmpmem;
    int ret, i;
-    char buf[4096];
+    char *buf = NULL;
    if (!p7) {
        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
@ -554,24 +575,29 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
        }
        BIO_free_all(bread);
        return ret;
    } else {
        for (;;) {
            i = BIO_read(tmpmem, buf, sizeof(buf));
            if (i <= 0) {
                ret = 1;
                if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
                    if (!BIO_get_cipher_status(tmpmem))
                        ret = 0;
                }
                break;
            }
            if (BIO_write(data, buf, i) != i) {
                ret = 0;
                break;
            }
        }
        BIO_free_all(tmpmem);
        return ret;
    }
    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    for (;;) {
        i = BIO_read(tmpmem, buf, BUFFERSIZE);
        if (i <= 0) {
            ret = 1;
            if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
                if (!BIO_get_cipher_status(tmpmem))
                    ret = 0;
            }
            break;
        }
        if (BIO_write(data, buf, i) != i) {
            ret = 0;
            break;
        }
    }
 err:
    OPENSSL_free(buf);
    BIO_free_all(tmpmem);
    return ret;
 }
--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c
+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c
@ -1,4 +1,4 @@
-/* crypto/rc4/rc4_utl.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/rc4/rc4_utl.c */
 /* ====================================================================
 * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
@ -768,6 +768,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
    return 2;
 }
 #ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
                                        X509_ALGOR **pmaskHash)
 {
@ -791,7 +792,6 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
    return pss;
 }
 #ifndef OPENSSL_NO_CMS
 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 {
    EVP_PKEY_CTX *pkctx;
@ -864,9 +864,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
        X509_ALGOR_free(maskHash);
    return rv;
 }
 #endif
 #ifndef OPENSSL_NO_CMS
 static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
 {
    const EVP_MD *md, *mgf1md;
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
@ -1,4 +1,4 @@
-/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* crypto/rsa/rsa_chk.c  */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/stack/stack.c
+++ b/Cryptlib/OpenSSL/crypto/stack/stack.c
@ -360,7 +360,7 @@ void *sk_set(_STACK *st, int i, void *value)
 void sk_sort(_STACK *st)
 {
-    if (st && !st->sorted) {
+    if (st && !st->sorted && st->comp != NULL) {
        int (*comp_func) (const void *, const void *);
        /*
--- a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c
@ -1,4 +1,4 @@
-/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/ui/ui_compat.c */
 /* ====================================================================
 * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
@ -1,4 +1,4 @@
-/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/ui/ui_lib.c */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/Cryptlib/OpenSSL/crypto/ui/ui_locl.h
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_locl.h
@ -1,4 +1,4 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/ui/ui.h */
 /*
 * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
 * 2001.
--- a/Cryptlib/OpenSSL/crypto/ui/ui_util.c
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_util.c
@ -1,4 +1,4 @@
-/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
+/* crypto/ui/ui_util.c */
 /* ====================================================================
 * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
 *
@ -56,6 +56,10 @@
 #include <string.h>
 #include "ui_locl.h"
 #ifndef BUFSIZ
 #define BUFSIZ 256
 #endif
 int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
                           int verify)
 {
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
@ -194,6 +194,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
    int num, j, retry;
    int (*cb) (int xok, X509_STORE_CTX *xctx);
    STACK_OF(X509) *sktmp = NULL;
    int trust = X509_TRUST_UNTRUSTED;
    int err;
    if (ctx->cert == NULL) {
        X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
        return -1;
@ -216,7 +219,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
    if (((ctx->chain = sk_X509_new_null()) == NULL) ||
        (!sk_X509_push(ctx->chain, ctx->cert))) {
        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-        goto end;
+        ok = -1;
        goto err;
    }
    CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
    ctx->last_untrusted = 1;
@ -225,7 +229,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
    if (ctx->untrusted != NULL
        && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-        goto end;
+        ok = -1;
        goto err;
    }
    num = sk_X509_num(ctx->chain);
@ -249,7 +254,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
            ok = ctx->get_issuer(&xtmp, ctx, x);
            if (ok < 0)
-                goto end;
+                goto err;
            /*
             * If successful for now free up cert so it will be picked up
             * again later.
@ -266,7 +271,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
            if (xtmp != NULL) {
                if (!sk_X509_push(ctx->chain, xtmp)) {
                    X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-                    goto end;
+                    ok = -1;
                    goto err;
                }
                CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
                (void)sk_X509_delete_ptr(sktmp, xtmp);
@ -314,7 +320,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                    bad_chain = 1;
                    ok = cb(0, ctx);
                    if (!ok)
-                        goto end;
+                        goto err;
                } else {
                    /*
                     * We have a match: replace certificate with store
@ -347,25 +353,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
            ok = ctx->get_issuer(&xtmp, ctx, x);
            if (ok < 0)
-                goto end;
+                goto err;
            if (ok == 0)
                break;
            x = xtmp;
            if (!sk_X509_push(ctx->chain, x)) {
                X509_free(xtmp);
                X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
-                ok = 0;
+                ok = -1;
-                goto end;
+                goto err;
            }
            num++;
        }
        /* we now have our chain, lets check it... */
-        i = check_trust(ctx);
+        if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) {
            /* Callback already issued */
            ok = 0;
            goto err;
        }
        /* If explicitly rejected error */
        if (i == X509_TRUST_REJECTED)
            goto end;
        /*
         * If it's not explicitly trusted then check if there is an alternative
         * chain that could be used. We only do this if we haven't already
@ -373,14 +380,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
         * chain checking
         */
        retry = 0;
-        if (i != X509_TRUST_TRUSTED
+        if (trust != X509_TRUST_TRUSTED
            && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
            && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
            while (j-- > 1) {
                xtmp2 = sk_X509_value(ctx->chain, j - 1);
                ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
                if (ok < 0)
-                    goto end;
+                    goto err;
                /* Check if we found an alternate chain */
                if (ok > 0) {
                    /*
@ -410,7 +417,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
     * self signed certificate in which case we've indicated an error already
     * and set bad_chain == 1
     */
-    if (i != X509_TRUST_TRUSTED && !bad_chain) {
+    if (trust != X509_TRUST_TRUSTED && !bad_chain) {
        if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
            if (ctx->last_untrusted >= num)
                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
@ -431,26 +438,26 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        bad_chain = 1;
        ok = cb(0, ctx);
        if (!ok)
-            goto end;
+            goto err;
    }
    /* We have the chain complete: now we need to check its purpose */
    ok = check_chain_extensions(ctx);
    if (!ok)
-        goto end;
+        goto err;
    /* Check name constraints */
    ok = check_name_constraints(ctx);
    if (!ok)
-        goto end;
+        goto err;
    ok = check_id(ctx);
    if (!ok)
-        goto end;
+        goto err;
    /* We may as well copy down any DSA parameters that are required */
    X509_get_pubkey_parameters(NULL, ctx->chain);
@ -462,16 +469,16 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
    ok = ctx->check_revocation(ctx);
    if (!ok)
-        goto end;
+        goto err;
-    i = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
+    err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
-                                ctx->param->flags);
+                                  ctx->param->flags);
-    if (i != X509_V_OK) {
+    if (err != X509_V_OK) {
-        ctx->error = i;
+        ctx->error = err;
        ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
        ok = cb(0, ctx);
        if (!ok)
-            goto end;
+            goto err;
    }
    /* At this point, we have a chain and need to verify it */
@ -480,25 +487,28 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
    else
        ok = internal_verify(ctx);
    if (!ok)
-        goto end;
+        goto err;
 #ifndef OPENSSL_NO_RFC3779
    /* RFC 3779 path validation, now that CRL check has been done */
    ok = v3_asid_validate_path(ctx);
    if (!ok)
-        goto end;
+        goto err;
    ok = v3_addr_validate_path(ctx);
    if (!ok)
-        goto end;
+        goto err;
 #endif
    /* If we get this far evaluate policies */
    if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
        ok = ctx->check_policy(ctx);
    if (!ok)
-        goto end;
+        goto err;
    if (0) {
- end:
+ err:
        /* Ensure we return an error */
        if (ok > 0)
            ok = 0;
        X509_get_pubkey_parameters(NULL, ctx->chain);
    }
    if (sktmp != NULL)
@ -2287,9 +2297,10 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
    ctx->current_reasons = 0;
    ctx->tree = NULL;
    ctx->parent = NULL;
    /* Zero ex_data to make sure we're cleanup-safe */
    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
    ctx->param = X509_VERIFY_PARAM_new();
    if (!ctx->param) {
        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
        return 0;
@ -2298,7 +2309,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
    /*
     * Inherit callbacks and flags from X509_STORE if not set use defaults.
     */
    if (store)
        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
    else
@ -2306,6 +2316,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
    if (store) {
        ctx->verify_cb = store->verify_cb;
        /* Seems to always be 0 in OpenSSL, else must be idempotent */
        ctx->cleanup = store->cleanup;
    } else
        ctx->cleanup = 0;
@ -2316,7 +2327,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
    if (ret == 0) {
        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
-        return 0;
+        goto err;
    }
    if (store && store->check_issued)
@ -2371,19 +2382,18 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
    ctx->check_policy = check_policy;
    if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
                           &ctx->ex_data))
        return 1;
    X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
 err:
    /*
-     * This memset() can't make any sense anyway, so it's removed. As
+     * On error clean up allocated storage, if the store context was not
-     * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+     * allocated with X509_STORE_CTX_new() this is our last chance to do so.
     * corresponding "new" here and remove this bogus initialisation.
     */
-    /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+    X509_STORE_CTX_cleanup(ctx);
-    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+    return 0;
                            &(ctx->ex_data))) {
        OPENSSL_free(ctx);
        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    return 1;
 }
 /*
@ -2399,8 +2409,17 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 {
-    if (ctx->cleanup)
+    /*
     * We need to be idempotent because, unfortunately, free() also calls
     * cleanup(), so the natural call sequence new(), init(), cleanup(), free()
     * calls cleanup() for the same object twice!  Thus we must zero the
     * pointers below after they're freed!
     */
    /* Seems to always be 0 in OpenSSL, do this at most once. */
    if (ctx->cleanup != NULL) {
        ctx->cleanup(ctx);
        ctx->cleanup = NULL;
    }
    if (ctx->param != NULL) {
        if (ctx->parent == NULL)
            X509_VERIFY_PARAM_free(ctx->param);
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
@ -94,11 +94,11 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
     * Refuse names with embedded NUL bytes, except perhaps as final byte.
     * XXX: Do we need to push an error onto the error stack?
     */
-    if (namelen == 0)
+    if (namelen == 0 || name == NULL)
        namelen = name ? strlen(name) : 0;
    else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
        return 0;
-    if (name && name[namelen - 1] == '\0')
+    if (namelen > 0 && name[namelen - 1] == '\0')
        --namelen;
    if (mode == SET_HOST && id->hosts) {
--- a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
+++ b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h
@ -127,7 +127,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
    &v3_idp,
    &v3_alt[2],
    &v3_freshest_crl,
-#ifndef OPENSSL_SYS_UEFI
+#ifndef OPENSSL_NO_SCT
    &v3_ct_scts[0],
    &v3_ct_scts[1],
 #endif
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
@ -1,4 +1,4 @@
-/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
+/* v3_pci.c */
 /*
 * Contributed to the OpenSSL Project 2004 by Richard Levitte
 * (richard@levitte.org)
@ -149,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val,
                goto err;
            }
            OPENSSL_free(tmp_data2);
 #ifndef OPENSSL_NO_STDIO
        } else if (strncmp(val->value, "file:", 5) == 0) {
            unsigned char buf[2048];
            int n;
@ -181,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val,
                X509V3_conf_err(val);
                goto err;
            }
 #endif /* !OPENSSL_NO_STDIO */
        } else if (strncmp(val->value, "text:", 5) == 0) {
            val_len = strlen(val->value + 5);
            tmp_data = OPENSSL_realloc((*policy)->data,
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
@ -1,4 +1,4 @@
-/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
+/* v3_pcia.c */
 /*
 * Contributed to the OpenSSL Project 2004 by Richard Levitte
 * (richard@levitte.org)
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
@ -841,7 +841,8 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len,
            state = LABEL_START;
            ++dots;
        } else if (p[i] == '-') {
-            if ((state & LABEL_HYPHEN) != 0)
+            /* no domain/subdomain starts with '-' */
            if ((state & LABEL_START) != 0)
                return NULL;
            state |= LABEL_HYPHEN;
        } else