1.1.1b

2025-05-06 06:29:39 +00:00 · 2019-05-09 09:34:00 +02:00 · 2019-05-09 09:34:00 +02:00 · 49fea9bb8c
commit 49fea9bb8c
parent d9afd2404b
510 changed files with 11084 additions and 5915 deletions
--- a/75
+++ b/75
@ -7,6 +7,80 @@
 https://github.com/openssl/openssl/commits/ and pick the appropriate
 release branch.
 Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
  *) Added SCA hardening for modular field inversion in EC_GROUP through
     a new dedicated field_inv() pointer in EC_METHOD.
     This also addresses a leakage affecting conversions from projective
     to affine coordinates.
     [Billy Bob Brumley, Nicola Tuveri]
  *) Change the info callback signals for the start and end of a post-handshake
     message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
     and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
     confused by this and assume that a TLSv1.2 renegotiation has started. This
     can break KeyUpdate handling. Instead we no longer signal the start and end
     of a post handshake message exchange (although the messages themselves are
     still signalled). This could break some applications that were expecting
     the old signals. However without this KeyUpdate is not usable for many
     applications.
     [Matt Caswell]
  *) Fix a bug in the computation of the endpoint-pair shared secret used
     by DTLS over SCTP. This breaks interoperability with older versions
     of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
     switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
     interoperability with such broken implementations. However, enabling
     this switch breaks interoperability with correct implementations.
  *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
     re-used X509_PUBKEY object if the second PUBKEY is malformed.
     [Bernd Edlinger]
  *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
     [Richard Levitte]
  *) Remove the 'dist' target and add a tarball building script.  The
     'dist' target has fallen out of use, and it shouldn't be
     necessary to configure just to create a source distribution.
     [Richard Levitte]
 Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
  *) Timing vulnerability in DSA signature generation
     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.
     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
     (CVE-2018-0734)
     [Paul Dale]
  *) Timing vulnerability in ECDSA signature generation
     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
     timing side channel attack. An attacker could use variations in the signing
     algorithm to recover the private key.
     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
     (CVE-2018-0735)
     [Paul Dale]
  *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
     the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
     are retained for backwards compatibility.
     [Antoine Salon]
  *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
     if its length exceeds 4096 bytes. The limit has been raised to a buffer size
     of two gigabytes and the error handling improved.
     This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
     categorized as a normal bug, not a security issue, because the DRBG reseeds
     automatically and is fully functional even without additional randomness
     provided by the application.
 Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
  *) Add a new ClientHello callback. Provides a callback interface that gives
@ -13103,4 +13177,3 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
     bytes sent in the client random.
     [Edward Bishop <ebishop@spyglass.com>]
--- a/2
+++ b/2
@ -57,7 +57,7 @@ guidelines:
    7.  For user visible changes (API changes, behaviour changes, ...),
    consider adding a note in CHANGES.  This could be a summarising
    description of the change, and could explain the grander details.
-    Have a look through existing entries for inspiration. 
+    Have a look through existing entries for inspiration.
    Please note that this is NOT simply a copy of git-log oneliners.
    Also note that security fixes get an entry in CHANGES.
    This file helps users get more in depth information of what comes
--- a/Configurations/00-base-templates.conf
+++ b/Configurations/00-base-templates.conf
@ -45,7 +45,7 @@ my %targets=(
 	shared_extension	=> "",
 	#### Defaults for the benefit of the config targets who don't inherit
-	#### a BASE and assume Unixly defaults
+	#### a BASE and assume Unix defaults
 	#### THESE WILL DISAPPEAR IN OpenSSL 1.2
 	build_scheme	=> [ "unified", "unix" ],
 	build_file	=> "Makefile",
@ -102,6 +102,8 @@ my %targets=(
                                     ? "ranlib" : "" },
        RC              => "windres",
        shared_extension => ".so",
        build_scheme    => [ "unified", "unix" ],
        build_file      => "Makefile",
    },
@ -142,6 +144,8 @@ my %targets=(
        mtinflag        => "-manifest ",
        mtoutflag       => "-outputresource:",
        shared_extension => ".dll",
        build_file      => "makefile",
        build_scheme    => [ "unified", "windows" ],
    },
@ -160,6 +164,8 @@ my %targets=(
                    return [ @incs ];
                }),
        shared_extension => ".exe",
        build_file       => "descrip.mms",
        build_scheme     => [ "unified", "VMS" ],
    },
@ -300,7 +306,7 @@ my %targets=(
 	sha1_asm_src    => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
 	modes_asm_src   => "ghash-armv4.S ghashv8-armx.S",
 	chacha_asm_src  => "chacha-armv4.S",
-	poly1305_asm_src=> "poly1305-armv4.S", 
+	poly1305_asm_src=> "poly1305-armv4.S",
 	keccak1600_asm_src	=> "keccak1600-armv4.S",
 	perlasm_scheme	=> "void"
    },
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@ -360,7 +360,7 @@ my %targets = (
        inherit_from     => [ "BASE_unix" ],
        template         => 1,
        cppflags         => threads("-D_SGI_MP_SOURCE"),
-        lib_cppflags     => "-DB_ENDIAN -DBN_DIV3W",
+        lib_cppflags     => "-DB_ENDIAN",
        ex_libs          => add(threads("-lpthread")),
        thread_scheme    => "pthreads",
        dso_scheme       => "dlfcn",
@ -651,7 +651,7 @@ my %targets = (
        dso_scheme       => "dlfcn",
        shared_target    => "linux-shared",
        shared_cflag     => "-fPIC",
-        shared_ldflag    => "-Wl,-znodelete",
+        shared_ldflag    => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
        enable           => [ "afalgeng" ],
    },
@ -733,7 +733,6 @@ my %targets = (
        inherit_from     => [ "linux-generic32", asm("mips32_asm") ],
        cflags           => add("-mabi=32"),
        cxxflags         => add("-mabi=32"),
        lib_cppflags     => add("-DBN_DIV3W"),
        perlasm_scheme   => "o32",
    },
    # mips32 and mips64 below refer to contemporary MIPS Architecture
@ -742,7 +741,6 @@ my %targets = (
        inherit_from     => [ "linux-generic32", asm("mips64_asm") ],
        cflags           => add("-mabi=n32"),
        cxxflags         => add("-mabi=n32"),
        lib_cppflags     => add("-DBN_DIV3W"),
        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
        perlasm_scheme   => "n32",
        multilib         => "32",
@ -751,7 +749,6 @@ my %targets = (
        inherit_from     => [ "linux-generic64", asm("mips64_asm") ],
        cflags           => add("-mabi=64"),
        cxxflags         => add("-mabi=64"),
        lib_cppflags     => add("-DBN_DIV3W"),
        perlasm_scheme   => "64",
        multilib         => "64",
    },
@ -1115,7 +1112,7 @@ my %targets = (
        dso_scheme       => "dlfcn",
        shared_target    => "self",
        module_ldflags   => "-Wl,-G,-bsymbolic,-bexpall",
-        shared_ldflag    => "-Wl,-G,-bsymbolic",
+        shared_ldflag    => "-Wl,-G,-bsymbolic,-bnoentry",
        shared_defflag   => "-Wl,-bE:",
        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
        dso_extension    => ".so",
@ -1747,6 +1744,8 @@ my %targets = (
        asflags          => sub { vms_info()->{asflags} },
        perlasm_scheme   => sub { vms_info()->{perlasm_scheme} },
        disable          => add('pinshared'),
        apps_aux_src     => "vms_term_sock.c",
        apps_init_src    => "vms_decc_init.c",
    },
@ -1782,7 +1781,7 @@ my %targets = (
    },
    "vms-ia64" => {
        inherit_from     => [ "vms-generic",
-                              sub { vms_info()->{as}
+                              sub { vms_info()->{AS}
                                        ? asm("ia64_asm")->() : () } ],
        bn_ops           => "SIXTY_FOUR_BIT RC4_INT",
        pointer_size     => "",
--- a/Configurations/15-android.conf
+++ b/Configurations/15-android.conf
@ -22,9 +22,20 @@
                return $android_ndk = { bn_ops => "BN_AUTO" };
            }
-            my $ndk = $ENV{ANDROID_NDK};
+            my $ndk_var;
-            die "\$ANDROID_NDK is not defined"  if (!$ndk);
+            my $ndk;
-            die "\$ANDROID_NDK=$ndk is invalid" if (!-d "$ndk/platforms");
+            foreach (qw(ANDROID_NDK_HOME ANDROID_NDK)) {
                $ndk_var = $_;
                $ndk = $ENV{$ndk_var};
                last if defined $ndk;
            }
            die "\$ANDROID_NDK_HOME is not defined"  if (!$ndk);
            if (!-d "$ndk/platforms" && !-f "$ndk/AndroidVersion.txt") {
                # $ndk/platforms is traditional "all-inclusive" NDK, while
                # $ndk/AndroidVersion.txt is so-called standalone toolchain
                # tailored for specific target down to API level.
                die "\$ANDROID_NDK_HOME=$ndk is invalid";
            }
            $ndk = canonpath($ndk);
            my $ndkver = undef;
@ -40,10 +51,18 @@
                close $fh;
            }
-            my $sysroot;
+            my ($sysroot, $api, $arch);
-            if (!($sysroot = $ENV{CROSS_SYSROOT})) {
+            $config{target} =~ m|[^-]+-([^-]+)$|;	# split on dash
-                my $api = "*";
+            $arch = $1;
            if ($sysroot = $ENV{CROSS_SYSROOT}) {
                $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
                ($api, $arch) = ($1, $2);
            } elsif (-f "$ndk/AndroidVersion.txt") {
                $sysroot = "$ndk/sysroot";
            } else {
                $api = "*";
                # see if user passed -D__ANDROID_API__=N
                foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
@ -59,19 +78,17 @@
                                     } glob("$ndk/platforms/android-$api");
                die "no $ndk/platforms/android-$api" if ($#platforms < 0);
-                $config{target} =~ m|[^-]+-([^-]+)$|;   # split on dash
+                $sysroot = "@platforms[$#platforms]/arch-$arch";
-                $sysroot = "@platforms[$#platforms]/arch-$1";
+                $sysroot =~ m|/android-([0-9]+)/arch-$arch|;
                $api = $1;
            }
            die "no sysroot=$sysroot"   if (!-d $sysroot);
            $sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
            my ($api, $arch) = ($1, $2);
            my $triarch = $triplet{$arch};
            my $cflags;
            my $cppflags;
-            # see if there is NDK clang on $PATH
+            # see if there is NDK clang on $PATH, "universal" or "standalone"
            if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
                my $host=$1;
                # harmonize with gcc default
@ -79,10 +96,27 @@
                (my $tridefault = $triarch) =~ s/^arm-/$arm-/;
                (my $tritools   = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
                $cflags .= " -target $tridefault "
-                        .  "-gcc-toolchain \$(ANDROID_NDK)/toolchains"
+                        .  "-gcc-toolchain \$($ndk_var)/toolchains"
                        .  "/$tritools-4.9/prebuilt/$host";
                $user{CC} = "clang" if ($user{CC} !~ m|clang|);
                $user{CROSS_COMPILE} = undef;
                if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
                    $user{AR} = "llvm-ar";
                    $user{ARFLAGS} = [ "rs" ];
                    $user{RANLIB} = ":";
                }
            } elsif (-f "$ndk/AndroidVersion.txt") {    #"standalone toolchain"
                my $cc = $user{CC} // "clang";
                # One can probably argue that both clang and gcc should be
                # probed, but support for "standalone toolchain" was added
                # *after* announcement that gcc is being phased out, so
                # favouring clang is considered adequate. Those who insist
                # have option to enforce test for gcc with CC=gcc.
                if (which("$triarch-$cc") !~ m|^$ndk|) {
                    die "no NDK $triarch-$cc on \$PATH";
                }
                $user{CC} = $cc;
                $user{CROSS_COMPILE} = "$triarch-";
            } elsif ($user{CC} eq "clang") {
                die "no NDK clang on \$PATH";
            } else {
@ -99,13 +133,13 @@
                die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
                $incroot =~ s|^$ndk/||;
                $cppflags  = "-D__ANDROID_API__=$api";
-                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot/$triarch";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
-                $cppflags .= " -isystem \$(ANDROID_NDK)/$incroot";
+                $cppflags .= " -isystem \$($ndk_var)/$incroot";
            }
            $sysroot =~ s|^$ndk/||;
            $android_ndk = {
-                cflags   => "$cflags --sysroot=\$(ANDROID_NDK)/$sysroot",
+                cflags   => "$cflags --sysroot=\$($ndk_var)/$sysroot",
                cppflags => $cppflags,
                bn_ops   => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
                                            : "BN_LLONG",
--- a/Configurations/15-ios.conf
+++ b/Configurations/15-ios.conf
@ -6,31 +6,31 @@
 # work...
 #
 my %targets = (
    "ios-common" => {
        template         => 1,
        inherit_from     => [ "darwin-common" ],
        sys_id           => "iOS",
        disable          => [ "engine", "async" ],
    },
    "ios-xcrun" => {
-        inherit_from     => [ "darwin-common", asm("armv4_asm") ],
+        inherit_from     => [ "ios-common", asm("armv4_asm") ],
        # It should be possible to go below iOS 6 and even add -arch armv6,
        # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
        # at this point.
        CC               => "xcrun -sdk iphoneos cc",
        cflags           => add("-arch armv7 -mios-version-min=6.0.0 -fno-common"),
        sys_id           => "iOS",
        perlasm_scheme   => "ios32",
        disable          => [ "engine" ],
    },
    "ios64-xcrun" => {
-        inherit_from     => [ "darwin-common", asm("aarch64_asm") ],
+        inherit_from     => [ "ios-common", asm("aarch64_asm") ],
        CC               => "xcrun -sdk iphoneos cc",
        cflags           => add("-arch arm64 -mios-version-min=7.0.0 -fno-common"),
        sys_id           => "iOS",
        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
        perlasm_scheme   => "ios64",
        disable          => [ "engine" ],
    },
    "iossimulator-xcrun" => {
-        inherit_from     => [ "darwin-common" ],
+        inherit_from     => [ "ios-common" ],
        CC               => "xcrun -sdk iphonesimulator cc",
        sys_id           => "iOS",
        disable          => [ "engine" ],
    },
 # It takes three prior-set environment variables to make it work:
 #
@ -46,10 +46,8 @@ my %targets = (
 # CROSS_SDK=iPhoneOS.sdk
 #
    "iphoneos-cross" => {
-        inherit_from     => [ "darwin-common" ],
+        inherit_from     => [ "ios-common" ],
        cflags           => add("-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common"),
        sys_id           => "iOS",
        disable          => [ "engine" ],
    },
    "ios-cross" => {
        inherit_from     => [ "ios-xcrun" ],
--- a/Configurations/50-win-onecore.conf
+++ b/Configurations/50-win-onecore.conf
@ -4,7 +4,7 @@
 # Mobile[?] Windows editions. It's a set up "umbrella" libraries that
 # export subset of Win32 API that are common to all Windows 10 devices.
 #
-# OneCore Configuration temporarly dedicated for console applications 
+# OneCore Configuration temporarly dedicated for console applications
 # due to disabled event logging, which is incompatible with one core.
 # Error messages are provided via standard error only.
 # TODO: extend error handling to use ETW based eventing
--- a/Configurations/README
+++ b/Configurations/README
@ -118,7 +118,7 @@ In each table entry, the following keys are significant:
                           '<unistd.h>'.  This is very rarely needed.
        shared_extension => File name extension used for shared
-                            libraries. 
+                            libraries.
        obj_extension   => File name extension used for object files.
                           On unix, this defaults to ".o" (NOTE: this
                           is here for future use, it's not
@ -233,7 +233,7 @@ In each table entry, the following keys are significant:
                           apps, as needed by the target.  This code
                           cannot be placed in a library, as the rest
                           of the code isn't expected to link to it
-                           explicitely.
+                           explicitly.
        cpuid_asm_src   => assembler implementation of cpuid code as
                           well as OPENSSL_cleanse().
                           Default to mem_clr.c
@ -518,7 +518,7 @@ clash with those generated by Configure, it's possible to tell it
 not to generate them with the use of OVERRIDES, for example:
    SOURCE[libfoo]=foo.c bar.c
-    
+
    OVERRIDES=bar.o
    BEGINRAW[Makefile(unix)]
    bar.o: bar.c
--- a/Configurations/README.design
+++ b/Configurations/README.design
@ -86,7 +86,7 @@ depends on the library 'libssl' to function properly.
    LIBS=../libcrypto
    SOURCE[../libcrypto]=aes.c evp.c cversion.c
    DEPEND[cversion.o]=buildinf.h
-    
+
    GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
    DEPEND[buildinf.h]=../Makefile
    DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
@ -101,7 +101,7 @@ show that duplicate information isn't an issue.
 This build.info file informs us that 'libcrypto' is built from a few
 source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
 It also shows us that building the object file inferred from
-'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it 
+'crypto/cversion.c' depends on 'crypto/buildinf.h'.  Finally, it
 also shows the possibility to declare how some files are generated
 using some script, in this case a perl script, and how such scripts
 can be declared to depend on other files, in this case a perl module.
@ -152,7 +152,7 @@ information comes down to this:
    SOURCE[libssl]=ssl/tls.c
    INCLUDE[libssl]=include
    DEPEND[libssl]=libcrypto
-    
+
    PROGRAMS=apps/openssl
    SOURCE[apps/openssl]=apps/openssl.c
    INCLUDE[apps/openssl]=. include
@ -167,7 +167,7 @@ information comes down to this:
    SOURCE[engines/ossltest]=engines/e_ossltest.c
    DEPEND[engines/ossltest]=libcrypto.a
    INCLUDE[engines/ossltest]=include
-    
+
    GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
    DEPEND[crypto/buildinf.h]=Makefile
    DEPEND[util/mkbuildinf.pl]=util/Foo.pm
--- a/Configurations/common.tmpl
+++ b/Configurations/common.tmpl
@ -203,47 +203,6 @@
 # Start with populating the cache with all the overrides
 %cache = map { $_ => 1 } @{$unified_info{overrides}};
 # For convenience collect information regarding directories where
 # files are generated, those generated files and the end product
 # they end up in where applicable.  Then, add build rules for those
 # directories
 if (exists &generatedir) {
     my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
                      "lib" => [ @{$unified_info{libraries}} ],
                      "bin" => [ @{$unified_info{programs}} ],
                      "script" => [ @{$unified_info{scripts}} ] );
     foreach my $type (keys %loopinfo) {
         foreach my $product (@{$loopinfo{$type}}) {
             my %dirs = ();
             my $pd = dirname($product);
             # We already have a "test" target, and the current directory
             # is just silly to make a target for
             $dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
             foreach (@{$unified_info{sources}->{$product}}) {
                 my $d = dirname($_);
                 # We don't want to create targets for source directories
                 # when building out of source
                 next if ($config{sourcedir} ne $config{builddir}
                          && $d =~ m|^\Q$config{sourcedir}\E|);
                 # We already have a "test" target, and the current directory
                 # is just silly to make a target for
                 next if $d eq "test" || $d eq ".";
                 $dirs{$d} = 1;
                 push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
                     if $d ne $pd;
             }
             foreach (keys %dirs) {
                 push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
                 $product;
             }
         }
     }
 }
 # Build mandatory generated headers
 foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
--- a/Configurations/common0.tmpl
+++ b/Configurations/common0.tmpl
@ -16,7 +16,7 @@
             ? ()
             : ( map { @{$unified_info{shared_sources}->{$_}} }
                 keys %{$unified_info{shared_sources}} ),
-         # Things we explicitely depend on are usually generated
+         # Things we explicitly depend on are usually generated
         ( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
               keys %{$unified_info{depends}} ));
 our @generated =
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@ -513,12 +513,10 @@ descrip.mms : FORCE
 # Install helper targets #############################################
-install_sw : all install_shared _install_dev_ns -
+install_sw : install_dev install_engines install_runtime -
             install_engines _install_runtime_ns -
             install_startup install_ivp
-uninstall_sw : uninstall_shared _uninstall_dev_ns -
+uninstall_sw : uninstall_dev uninstall_engines uninstall_runtime -
               uninstall_engines _uninstall_runtime_ns -
               uninstall_startup uninstall_ivp
 install_docs : install_html_docs
@ -547,17 +545,7 @@ install_ssldirs : check_INSTALLTOP
                COPY/PROT=W:R {- sourcefile("apps", "ct_log_list.cnf") -} -
                        ossl_dataroot:[000000]ct_log_list.cnf
-install_shared : check_INSTALLTOP
+install_dev : check_INSTALLTOP install_runtime_libs
        @ {- output_off() if $disabled{shared}; "" -} !
        @ WRITE SYS$OUTPUT "*** Installing shareable images"
        @ ! Install shared (runtime) libraries
        - CREATE/DIR ossl_installroot:[LIB.'arch']
        {- join("\n        ",
                map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
                @install_shlibs) -}
        @ {- output_on() if $disabled{shared}; "" -} !
 _install_dev_ns : check_INSTALLTOP
        @ WRITE SYS$OUTPUT "*** Installing development files"
        @ ! Install header files
        - CREATE/DIR ossl_installroot:[include.openssl]
@ -568,20 +556,7 @@ _install_dev_ns : check_INSTALLTOP
                map { "COPY/PROT=W:R $_.OLB ossl_installroot:[LIB.'arch']" }
                @install_libs) -}
-install_dev : install_shared _install_dev_ns
+install_engines : check_INSTALLTOP install_runtime_libs build_engines
 _install_runtime_ns : check_INSTALLTOP
        @ ! Install the main program
        - CREATE/DIR ossl_installroot:[EXE.'arch']
        COPY/PROT=W:RE [.APPS]openssl.EXE -
                ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
        @ ! Install scripts
        COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
        @ ! {- output_on() if $disabled{apps}; "" -}
 install_runtime : install_shared _install_runtime_ns
 install_engines : check_INSTALLTOP
        @ {- output_off() unless scalar @{$unified_info{engines}}; "" -} !
        @ WRITE SYS$OUTPUT "*** Installing engines"
        - CREATE/DIR ossl_installroot:[ENGINES{- $sover_dirname.$target{pointer_size} -}.'arch']
@ -590,6 +565,28 @@ install_engines : check_INSTALLTOP
                @{$unified_info{install}->{engines}}) -}
        @ {- output_on() unless scalar @{$unified_info{engines}}; "" -} !
 install_runtime : install_programs
 install_runtime_libs : check_INSTALLTOP build_libs
        @ {- output_off() if $disabled{shared}; "" -} !
        @ WRITE SYS$OUTPUT "*** Installing shareable images"
        @ ! Install shared (runtime) libraries
        - CREATE/DIR ossl_installroot:[LIB.'arch']
        {- join("\n        ",
                map { "COPY/PROT=W:R $_.EXE ossl_installroot:[LIB.'arch']" }
                @install_shlibs) -}
        @ {- output_on() if $disabled{shared}; "" -} !
 install_programs : check_INSTALLTOP install_runtime_libs build_programs
        @ {- output_off() if $disabled{apps}; "" -} !
        @ ! Install the main program
        - CREATE/DIR ossl_installroot:[EXE.'arch']
        COPY/PROT=W:RE [.APPS]openssl.EXE -
                ossl_installroot:[EXE.'arch']openssl{- $osslver -}.EXE
        @ ! Install scripts
        COPY/PROT=W:RE $(BIN_SCRIPTS) ossl_installroot:[EXE]
        @ ! {- output_on() if $disabled{apps}; "" -}
 install_startup : [.VMS]openssl_startup.com [.VMS]openssl_shutdown.com -
                 [.VMS]openssl_utils.com, check_INSTALLTOP
        - CREATE/DIR ossl_installroot:[SYS$STARTUP]
@ -798,10 +795,10 @@ $target : $args{generator}->[0] $deps
 	$generator \$\@-S
        \@ $incs_on
 	PIPE \$(CPP) $cppflags \$\@-S | -
-        \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
+             \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
        \@ $incs_off
        RENAME \$\@-i \$\@
-        DELETE \$\@-S
+        DELETE \$\@-S;
 EOF
              }
              # Otherwise....
@ -843,19 +840,6 @@ EOF
      my $before = $unified_info{before}->{$obj.".OBJ"} || "\@ !";
      my $after = $unified_info{after}->{$obj.".OBJ"} || "\@ !";
      if ($srcs[0] =~ /\.asm$/) {
          my $asflags = { lib => ' $(LIB_ASFLAGS)',
 		          dso => ' $(DSO_ASFLAGS)',
 		          bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
          return <<"EOF";
 $obj.OBJ : $deps
        ${before}
        SET DEFAULT $forward
        \$(AS) $asflags \$(ASOUTFLAG)${objd}${objn}.OBJ $srcs
        SET DEFAULT $backward
 EOF
      }
      my $cflags;
      if ($args{installed}) {
          $cflags = { lib => '$(LIB_CFLAGS)',
@ -869,6 +853,9 @@ EOF
      $cflags .= { lib => '$(LIB_CPPFLAGS)',
 		   dso => '$(DSO_CPPFLAGS)',
 		   bin => '$(BIN_CPPFLAGS)' } -> {$args{intent}};
      my $asflags = { lib => ' $(LIB_ASFLAGS)',
 		      dso => ' $(DSO_ASFLAGS)',
 		      bin => ' $(BIN_ASFLAGS)' } -> {$args{intent}};
      my @incs_cmds = includes({ lib => '$(LIB_INCLUDES)',
                                 dso => '$(DSO_INCLUDES)',
@ -880,6 +867,34 @@ EOF
                               } @{$args{incs}});
      my $incs_on = join("\n\t\@ ", @{$incs_cmds[0]}) || '!';
      my $incs_off = join("\n\t\@ ", @{$incs_cmds[1]}) || '!';
      if ($srcs[0] =~ /\.asm$/) {
          return <<"EOF";
 $obj.OBJ : $deps
        ${before}
        SET DEFAULT $forward
        \$(AS) $asflags \$(ASOUTFLAG)${objd}${objn}.OBJ $srcs
        SET DEFAULT $backward
        ${after}
        - PURGE $obj.OBJ
 EOF
      } elsif ($srcs[0] =~ /.S$/) {
         return <<"EOF";
 $obj.OBJ : $deps
        ${before}
        SET DEFAULT $forward
        \@ $incs_on
        PIPE \$(CPP) ${cflags} $srcs | -
             \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" -
             > ${objd}${objn}.asm
        \@ $incs_off
        SET DEFAULT $backward
        ${after}
        \$(AS) $asflags \$(ASOUTFLAG)$obj.OBJ $obj.asm
        - PURGE $obj.OBJ
 EOF
      }
      my $depbuild = $disabled{makedepend} ? ""
          : " /MMS=(FILE=${objd}${objn}.D,TARGET=$obj.OBJ)";
@ -1031,7 +1046,7 @@ EOF
                                 push @lines, "\@ WRITE OPT_FILE \"$x/SHARE\"";
                             } elsif ($x =~ m|\.OLB$|) {
                                 (my $l = $x) =~ s/\W/_/g;
-                                 push @lines, 
+                                 push @lines,
                                     "\@ IF nomain THEN WRITE OPT_FILE \"$x/LIB\$(INCLUDE_MAIN_$l)\"",
                                     "\@ IF .NOT. nomain THEN WRITE OPT_FILE \"$x/LIB\""
                             }
--- a/Configurations/dist.conf
+++ b/Configurations/dist.conf
@ -1,12 +0,0 @@
 ## -*- mode: perl; -*-
 ## Build configuration targets for openssl-team members
 # This is to support 'make dist'
 my %targets = (
    "dist" => {
        inherit_from     => [ 'BASE_unix' ],
        CC               => "cc",
        CFLAGS           => "-O",
        thread_scheme    => "(unknown)",
    },
 );
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@ -227,6 +227,7 @@ TARFLAGS= {- $target{TARFLAGS} -}
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
 # Relative to $(SRCDIR)
 TARFILE=        ../$(NAME).tar
 ##### Project flags ##################################################
@ -437,7 +438,7 @@ depend:
 # Install helper targets #############################################
-install_sw: all install_dev install_engines install_runtime
+install_sw: install_dev install_engines install_runtime
 uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@ -491,15 +492,15 @@ install_ssldirs:
 		chmod 644 $(DESTDIR)$(OPENSSLDIR)/ct_log_list.cnf; \
 	fi
-install_dev:
+install_dev: install_runtime_libs
 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
 	@$(ECHO) "*** Installing development files"
 	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/include/openssl
-	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
 	@$(ECHO) "install $(SRCDIR)/ms/applink.c -> $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
 	@cp $(SRCDIR)/ms/applink.c $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
 	@chmod 644 $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
 	@set -e; for i in $(SRCDIR)/include/openssl/*.h \
 			  $(BLDDIR)/include/openssl/*.h; do \
 		fn=`basename $$i`; \
@ -524,11 +525,6 @@ install_dev:
 		fn1=`basename $$s1`; \
 		fn2=`basename $$s2`; \
 		: {- output_off(); output_on() unless windowsdll() or sharedaix(); "" -}; \
 		$(ECHO) "install $$s1 -> $(DESTDIR)$(libdir)/$$fn1"; \
 		cp $$s1 $(DESTDIR)$(libdir)/$$fn1.new; \
 		chmod 755 $(DESTDIR)$(libdir)/$$fn1.new; \
 		mv -f $(DESTDIR)$(libdir)/$$fn1.new \
 		      $(DESTDIR)$(libdir)/$$fn1; \
 		if [ "$$fn1" != "$$fn2" ]; then \
 			$(ECHO) "link $(DESTDIR)$(libdir)/$$fn2 -> $(DESTDIR)$(libdir)/$$fn1"; \
 			ln -sf $$fn1 $(DESTDIR)$(libdir)/$$fn2; \
@ -568,12 +564,12 @@ install_dev:
 	@cp openssl.pc $(DESTDIR)$(libdir)/pkgconfig
 	@chmod 644 $(DESTDIR)$(libdir)/pkgconfig/openssl.pc
-uninstall_dev:
+uninstall_dev: uninstall_runtime_libs
 	@$(ECHO) "*** Uninstalling development files"
-	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@ : {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
 	@$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c"
 	@$(RM) $(DESTDIR)$(INSTALLTOP)/include/openssl/applink.c
-	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -}
+	@ : {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
 	@set -e; for i in $(SRCDIR)/include/openssl/*.h \
 			  $(BLDDIR)/include/openssl/*.h; do \
 		fn=`basename $$i`; \
@ -612,7 +608,7 @@ uninstall_dev:
 	-$(RMDIR) $(DESTDIR)$(libdir)/pkgconfig
 	-$(RMDIR) $(DESTDIR)$(libdir)
-install_engines:
+install_engines: install_runtime_libs build_engines
 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
 	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(ENGINESDIR)/
 	@$(ECHO) "*** Installing engines"
@ -639,20 +635,23 @@ uninstall_engines:
 	done
 	-$(RMDIR) $(DESTDIR)$(ENGINESDIR)
-install_runtime:
+install_runtime: install_programs
 install_runtime_libs: build_libs
 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
 	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
 	@ : {- output_off() if windowsdll(); "" -}
 	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(libdir)
-	@ : {- output_on() if windowsdll(); "" -}
+	@ : {- output_on() if windowsdll(); output_off() unless windowsdll(); "" -}
-	@$(ECHO) "*** Installing runtime files"
+	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
 	@ : {- output_on() unless windowsdll(); "" -}
 	@$(ECHO) "*** Installing runtime libraries"
 	@set -e; for s in dummy $(INSTALL_SHLIBS); do \
 		if [ "$$s" = "dummy" ]; then continue; fi; \
 		fn=`basename $$s`; \
 		: {- output_off() unless windowsdll(); "" -}; \
 		$(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
 		cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
-		chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
 		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
 		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
 		: {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \
@ -663,6 +662,11 @@ install_runtime:
 		      $(DESTDIR)$(libdir)/$$fn; \
 		: {- output_on() if windowsdll(); "" -}; \
 	done
 install_programs: install_runtime_libs build_programs
 	@[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
 	@$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(INSTALLTOP)/bin
 	@$(ECHO) "*** Installing runtime programs"
 	@set -e; for x in dummy $(INSTALL_PROGRAMS); do \
 		if [ "$$x" = "dummy" ]; then continue; fi; \
 		fn=`basename $$x`; \
@ -682,8 +686,10 @@ install_runtime:
 		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
 	done
-uninstall_runtime:
+uninstall_runtime: uninstall_programs uninstall_runtime_libs
-	@$(ECHO) "*** Uninstalling runtime files"
+
 uninstall_programs:
 	@$(ECHO) "*** Uninstalling runtime programs"
 	@set -e; for x in dummy $(INSTALL_PROGRAMS); \
 	do  \
 		if [ "$$x" = "dummy" ]; then continue; fi; \
@ -698,6 +704,10 @@ uninstall_runtime:
 		$(ECHO) "$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
 		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
 	done
 	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
 uninstall_runtime_libs:
 	@$(ECHO) "*** Uninstalling runtime libraries"
 	@ : {- output_off() unless windowsdll(); "" -}
 	@set -e; for s in dummy $(INSTALL_SHLIBS); do \
 		if [ "$$s" = "dummy" ]; then continue; fi; \
@ -706,7 +716,6 @@ uninstall_runtime:
 		$(RM) $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
 	done
 	@ : {- output_on() unless windowsdll(); "" -}
 	-$(RMDIR) $(DESTDIR)$(INSTALLTOP)/bin
 install_man_docs:
@ -822,37 +831,8 @@ tags TAGS: FORCE
 # Release targets (note: only available on Unix) #####################
 # If your tar command doesn't support --owner and --group, make sure to
 # use one that does, for example GNU tar
 TAR_COMMAND=$(TAR) $(TARFLAGS) --owner 0 --group 0 -cf -
 PREPARE_CMD=:
 tar:
-	set -e; \
+	(cd $(SRCDIR); ./util/mktar.sh --name='$(NAME)' --tarfile='$(TARFILE)')
 	TMPDIR=/var/tmp/openssl-copy.$$$$; \
 	DISTDIR=$(NAME); \
 	mkdir -p $$TMPDIR/$$DISTDIR; \
 	(cd $(SRCDIR); \
 	 excl_re=`git submodule status | sed -e 's/^.//' | cut -d' ' -f2`; \
 	 excl_re="^(fuzz/corpora|Configurations/.*\.norelease\.conf|`echo $$excl_re | sed -e 's/ /$$|/g'`\$$)"; \
 	 echo "$$excl_re"; \
 	 git ls-tree -r --name-only --full-tree HEAD \
 	 | egrep -v "$$excl_re" \
 	 | while read F; do \
 	       mkdir -p $$TMPDIR/$$DISTDIR/`dirname $$F`; \
 	       cp $$F $$TMPDIR/$$DISTDIR/$$F; \
 	   done); \
 	(cd $$TMPDIR/$$DISTDIR; \
 	 $(PREPARE_CMD); \
 	 find . -type d -print | xargs chmod 755; \
 	 find . -type f -print | xargs chmod a+r; \
 	 find . -type f -perm -0100 -print | xargs chmod a+x); \
 	(cd $$TMPDIR; $(TAR_COMMAND) $$DISTDIR) \
 	| (cd $(SRCDIR); gzip --best > $(TARFILE).gz); \
 	rm -rf $$TMPDIR
 	cd $(SRCDIR); ls -l $(TARFILE).gz
 dist:
 	@$(MAKE) PREPARE_CMD='$(PERL) ./Configure dist' TARFILE="$(TARFILE)" NAME="$(NAME)" tar
 # Helper targets #####################################################
@ -1079,9 +1059,7 @@ EOF
      }
      return $recipe;
  }
-  # On Unix, we build shlibs from static libs, so we're ignoring the
+  # We *know* this routine is only called when we've configure 'shared'.
  # object file array.  We *know* this routine is only called when we've
  # configure 'shared'.
  sub libobj2shlib {
      my %args = @_;
      my $lib = $args{lib};
@ -1106,26 +1084,20 @@ EOF
      die "More than one exported symbol map" if scalar @defs > 1;
      my $objs = join(" ", @objs);
      my $deps = join(" ", @objs, @defs, @deps);
-      my $target = shlib_simple($lib);
+      my $simple = shlib_simple($lib);
-      my $target_full = shlib($lib);
+      my $full = shlib($lib);
      my $target = "$simple $full";
      my $shared_soname = "";
-      $shared_soname .= ' '.$target{shared_sonameflag}.basename($target_full)
+      $shared_soname .= ' '.$target{shared_sonameflag}.basename($full)
          if defined $target{shared_sonameflag};
      my $shared_imp = "";
-      $shared_imp .= ' '.$target{shared_impflag}.basename($target)
+      $shared_imp .= ' '.$target{shared_impflag}.basename($simple)
          if defined $target{shared_impflag};
      my $shared_def = join("", map { ' '.$target{shared_defflag}.$_ } @defs);
      my $recipe = <<"EOF";
 # When building on a Windows POSIX layer (Cygwin or Mingw), we know for a fact
 # that two files get produced, {shlibname}.dll and {libname}.dll.a.
 # With all other Unix platforms, we often build a shared library with the
 # SO version built into the file name and a symlink without the SO version
 # It's not necessary to have both as targets.  The choice falls on the
 # simplest, {libname}\$(SHLIB_EXT_IMPORT) for Windows POSIX layers and
 # {libname}\$(SHLIB_EXT_SIMPLE) for the Unix platforms.
 $target: $deps
 	\$(CC) \$(LIB_CFLAGS) $linkflags\$(LIB_LDFLAGS)$shared_soname$shared_imp \\
-		-o $target_full$shared_def $objs \\
+		-o $full$shared_def $objs \\
                $linklibs \$(LIB_EX_LIBS)
 EOF
      if (windowsdll()) {
@ -1139,14 +1111,14 @@ EOF
 EOF
      } elsif (sharedaix()) {
          $recipe .= <<"EOF";
-	rm -f $target && \\
+	rm -f $simple && \\
-	\$(AR) r $target $target_full
+	\$(AR) r $simple $full
 EOF
      } else {
          $recipe .= <<"EOF";
-	if [ '$target' != '$target_full' ]; then \\
+	if [ '$simple' != '$full' ]; then \\
-		rm -f $target; \\
+		rm -f $simple; \\
-		ln -s $target_full $target; \\
+		ln -s $full $simple; \\
 	fi
 EOF
      }
@ -1250,6 +1222,10 @@ EOF
                      lib => $libext,
                      bin => $exeext );
      # We already have a 'test' target, and the top directory is just plain
      # silly
      return if $dir eq "test" || $dir eq ".";
      foreach my $type (("dso", "lib", "bin", "script")) {
          next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
          # For lib object files, we could update the library.  However, it
@ -1270,7 +1246,7 @@ EOF
      my $deps = join(" ", @deps);
      my $actions = join("\n", "", @actions);
      return <<"EOF";
-$args{dir} $args{dir}/: $deps$actions
+$dir $dir/: $deps$actions
 EOF
  }
  ""    # Important!  This becomes part of the template result.
--- a/Configurations/windows-makefile.tmpl
+++ b/Configurations/windows-makefile.tmpl
@ -40,6 +40,8 @@
 sub lib {
     (my $lib = shift) =~ s/\.a$//;
     $lib .= '_static'
         if (defined $unified_info{sharednames}->{$lib});
     return $lib . $libext;
 }
@ -74,7 +76,7 @@ MINOR={- $config{minor} -}
 SHLIB_VERSION_NUMBER={- $config{shlib_version_number} -}
-LIBS={- join(" ", map { lib($_) } @{$unified_info{libraries}}) -}
+LIBS={- join(" ", map { ( shlib_import($_), lib($_) ) } @{$unified_info{libraries}}) -}
 SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{libraries}}) -}
 SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{libraries}}) -}
 ENGINES={- join(" ", map { dso($_) } @{$unified_info{engines}}) -}
@ -92,7 +94,7 @@ GENERATED={- # common0.tmpl provides @generated
             join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x }
                       @generated) -}
-INSTALL_LIBS={- join(" ", map { quotify1(lib($_)) } @{$unified_info{install}->{libraries}}) -}
+INSTALL_LIBS={- join(" ", map { quotify1(shlib_import($_) or lib($_)) } @{$unified_info{install}->{libraries}}) -}
 INSTALL_SHLIBS={- join(" ", map { quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
 INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify_l(shlib($_)) } @{$unified_info{install}->{libraries}}) -}
 INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -}
@ -381,7 +383,7 @@ depend:
 # Install helper targets #############################################
-install_sw: all install_dev install_engines install_runtime
+install_sw: install_dev install_engines install_runtime
 uninstall_sw: uninstall_runtime uninstall_engines uninstall_dev
@ -406,14 +408,14 @@ install_ssldirs:
         "$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\apps\ct_log_list.cnf" \
                                        "$(OPENSSLDIR)\ct_log_list.cnf"
-install_dev:
+install_dev: install_runtime_libs
 	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
 	@$(ECHO) "*** Installing development files"
 	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl"
-	@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -}
+	@{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
 	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \
 				       "$(INSTALLTOP)\include\openssl"
-	@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -}
+	@{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } (@{$target{defines}}, @{$config{defines}}); "" -}
 	@"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \
 				       "$(SRCDIR)\include\openssl\*.h" \
 				       "$(INSTALLTOP)\include\openssl"
@ -426,7 +428,7 @@ install_dev:
 uninstall_dev:
-install_engines:
+install_engines: install_runtime_libs build_engines
 	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
 	@$(ECHO) "*** Installing engines"
 	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)"
@ -437,15 +439,22 @@ install_engines:
 uninstall_engines:
-install_runtime:
+install_runtime: install_programs
 install_runtime_libs: build_libs
 	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
-	@$(ECHO) "*** Installing runtime files"
+	@$(ECHO) "*** Installing runtime libraries"
 	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
 	@if not "$(SHLIBS)"=="" \
 	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin"
 	@if not "$(SHLIBS)"=="" \
 	 "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBPDBS) \
                                        "$(INSTALLTOP)\bin"
 install_programs: install_runtime_libs build_programs
 	@if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 )
 	@$(ECHO) "*** Installing runtime programs"
 	@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin"
 	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMS) \
                                        "$(INSTALLTOP)\bin"
 	@"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_PROGRAMPDBS) \
@ -486,11 +495,6 @@ reconfigure reconf:
     if ($disabled{shared}) {
 	 return map { lib($_) } @_;
     }
     foreach (@_) {
         (my $l = $_) =~ s/\.a$//;
         die "Linking with static variants of shared libraries is not supported in this configuration\n"
             if $l ne $_ && shlib($l);
     }
     return map { shlib_import($_) or lib($_) } @_;
 }
@ -597,25 +601,22 @@ $obj$objext: $deps
 	\$(CC) /EP /D__ASSEMBLER__ $cflags $srcs > \$@.asm && \$(AS) $asflags \$(ASOUTFLAG)\$\@ \$@.asm
 EOF
     }
-     return <<"EOF"	if (!$disabled{makedepend});
+     my $recipe = <<"EOF";
 $obj$depext: $deps
 	\$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
 $obj$objext: $obj$depext
 	\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
 EOF
    return <<"EOF"	if ($disabled{makedepend});
 $obj$objext: $deps
 	\$(CC) $cflags -c \$(COUTFLAG)\$\@ $srcs
 EOF
     $recipe .= <<"EOF"	unless $disabled{makedepend};
 	\$(CC) $cflags /Zs /showIncludes $srcs 2>&1 > $obj$depext
 EOF
     return $recipe;
 }
- # On Unix, we build shlibs from static libs, so we're ignoring the
+ # We *know* this routine is only called when we've configure 'shared'.
- # object file array.  We *know* this routine is only called when we've
+ # Also, note that even though the import library built here looks like
- # configure 'shared'.
+ # a static library, it really isn't.
 sub libobj2shlib {
     my %args = @_;
     my $lib = $args{lib};
     my $shlib = $args{shlib};
     my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x }
                grep { $_ =~ m/\.(?:o|res)$/ }
                @{$args{objs}};
@ -625,25 +626,30 @@ EOF
     my $linklibs = join("", map { "$_\n" } @deps);
     my $objs = join("\n", @objs);
     my $deps = join(" ", @objs, @defs, @deps);
-     my $target = shlib_import($lib);
+     my $import = shlib_import($lib);
     my $dll =  shlib($lib);
     my $shared_def = join("", map { " /def:$_" } @defs);
     return <<"EOF"
-$target: $deps
+# The import library may look like a static library, but it is not.
-	IF EXIST $shlib$shlibext.manifest DEL /F /Q $shlib$shlibext.manifest
+# We MUST make the import library depend on the DLL, in case someone
 # mistakenly removes the latter.
 $import: $dll
 $dll: $deps
 	IF EXIST $full.manifest DEL /F /Q $full.manifest
 	IF EXIST \$@ DEL /F /Q \$@
 	\$(LD) \$(LDFLAGS) \$(LIB_LDFLAGS) \\
-		/implib:\$@ \$(LDOUTFLAG)$shlib$shlibext$shared_def @<< || (DEL /Q \$(\@B).* $shlib.* && EXIT 1)
+		/implib:$import \$(LDOUTFLAG)$dll$shared_def @<< || (DEL /Q \$(\@B).* $import && EXIT 1)
 $objs
 $linklibs\$(LIB_EX_LIBS)
 <<
-	IF EXIST $shlib$shlibext.manifest \\
+	IF EXIST $dll.manifest \\
-	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$shlib$shlibext.manifest \$(MTOUTFLAG)$shlib$shlibext
+	   \$(MT) \$(MTFLAGS) \$(MTINFLAG)$dll.manifest \$(MTOUTFLAG)$dll
-	IF EXIST apps\\$shlib$shlibext DEL /Q /F apps\\$shlib$shlibext
+	IF EXIST apps\\$dll DEL /Q /F apps\\$dll
-	IF EXIST test\\$shlib$shlibext DEL /Q /F test\\$shlib$shlibext
+	IF EXIST test\\$dll DEL /Q /F test\\$dll
-	IF EXIST fuzz\\$shlib$shlibext DEL /Q /F fuzz\\$shlib$shlibext
+	IF EXIST fuzz\\$dll DEL /Q /F fuzz\\$dll
-	COPY $shlib$shlibext apps
+	COPY $dll apps
-	COPY $shlib$shlibext test
+	COPY $dll test
-	COPY $shlib$shlibext fuzz
+	COPY $dll fuzz
 EOF
 }
 sub obj2dso {
@ -673,20 +679,13 @@ EOF
 }
 sub obj2lib {
     my %args = @_;
-     my $lib = $args{lib};
+     my $lib = lib($args{lib});
     # Because static libs and import libs are both named the same in native
     # Windows, we can't have both.  We skip the static lib in that case,
     # as the shared libs are what we use anyway.
     return "" unless $disabled{"shared"} || $lib =~ /\.a$/;
     $lib =~ s/\.a$//;
     my @objs = map { (my $x = $_) =~ s|\.o$|$objext|; $x } @{$args{objs}};
     my $objs = join("\n", @objs);
     my $deps = join(" ", @objs);
     return <<"EOF";
-$lib$libext: $deps
+$lib: $deps
-	\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib$libext @<<
+	\$(AR) \$(ARFLAGS) \$(AROUTFLAG)$lib @<<
 $objs
 <<
 EOF
@ -733,6 +732,10 @@ EOF
                      lib => $libext,
                      bin => $exeext );
      # We already have a 'test' target, and the top directory is just plain
      # silly
      return if $dir eq "test" || $dir eq ".";
      foreach my $type (("dso", "lib", "bin", "script")) {
          next unless defined($unified_info{dirinfo}->{$dir}->{products}->{$type});
          # For lib object files, we could update the library.  However,
@ -750,7 +753,7 @@ EOF
      my $deps = join(" ", @deps);
      my $actions = join("\n", "", @actions);
      return <<"EOF";
-$args{dir} $args{dir}\\ : $deps$actions
+$dir $dir\\ : $deps$actions
 EOF
  }
  ""    # Important!  This becomes part of the template result.
--- a/90
+++ b/90
@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -144,6 +144,8 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED"
 #       -Wlanguage-extension-token -- no, we use asm()
 #       -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
 #       -Wunused-function -- no, it forces header use of safestack et al
 #                            DEFINE macros
 my $clang_devteam_warn = ""
        . " -Wswitch-default"
        . " -Wno-parentheses-equality"
@ -153,6 +155,7 @@ my $clang_devteam_warn = ""
        . " -Wincompatible-pointer-types-discards-qualifiers"
        . " -Wmissing-variable-declarations"
        . " -Wno-unknown-warning-option"
        . " -Wno-unused-function"
        ;
 # This adds backtrace information to the memory leak info.  Is only used
@ -374,6 +377,7 @@ my @disablables = (
    "msan",
    "multiblock",
    "nextprotoneg",
    "pinshared",
    "ocb",
    "ocsp",
    "pic",
@ -1013,13 +1017,18 @@ if (scalar(@seed_sources) == 0) {
 if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
    die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
    warn <<_____ if scalar(@seed_sources) == 1;
 You have selected the --with-rand-seed=none option, which effectively disables
 automatic reseeding of the OpenSSL random generator. All operations depending
 on the random generator such as creating keys will not work unless the random
 generator is seeded manually by the application.
-Please read the 'Note on random number generation' section in the INSTALL
+============================== WARNING ===============================
-instructions and the RAND_DRBG(7) manual page for more details.
+You have selected the --with-rand-seed=none option, which effectively
 disables automatic reseeding of the OpenSSL random generator.
 All operations depending on the random generator such as creating keys
 will not work unless the random generator is seeded manually by the
 application.
 Please read the 'Note on random number generation' section in the
 INSTALL instructions and the RAND_DRBG(7) manual page for more details.
 ============================== WARNING ===============================
 _____
 }
 push @{$config{openssl_other_defines}},
@ -1105,13 +1114,13 @@ foreach my $feature (@{$target{disable}}) {
    $disabled{$feature} = 'config';
 }
 foreach my $feature (@{$target{enable}}) {
-    if ("default" eq ($disabled{$_} // "")) {
+    if ("default" eq ($disabled{$feature} // "")) {
        if (exists $deprecated_disablables{$feature}) {
            warn "***** config $target enables deprecated feature $feature\n";
        } elsif (!grep { $feature eq $_ } @disablables) {
            die "***** config $target enables unknown feature $feature\n";
        }
-        delete $disabled{$_};
+        delete $disabled{$feature};
    }
 }
@ -1365,6 +1374,7 @@ unless ($disabled{asm}) {
    push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/);
    push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
    push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
    push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/);
    if ($target{sha1_asm_src}) {
 	push @{$config{lib_defines}}, "SHA1_ASM"   if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
@ -2174,6 +2184,16 @@ EOF
    # Massage the result
    # If the user configured no-shared, we allow no shared sources
    if ($disabled{shared}) {
        foreach (keys %{$unified_info{shared_sources}}) {
            foreach (keys %{$unified_info{shared_sources}->{$_}}) {
                delete $unified_info{sources}->{$_};
            }
        }
        $unified_info{shared_sources} = {};
    }
    # If we depend on a header file or a perl module, add an inclusion of
    # its directory to allow smoothe inclusion
    foreach my $dest (keys %{$unified_info{depends}}) {
@ -2198,8 +2218,8 @@ EOF
            next unless defined($unified_info{includes}->{$dest}->{$k});
            my @incs = reverse @{$unified_info{includes}->{$dest}->{$k}};
            foreach my $obj (grep /\.o$/,
-                             (keys %{$unified_info{sources}->{$dest}},
+                             (keys %{$unified_info{sources}->{$dest} // {}},
-                              keys %{$unified_info{shared_sources}->{$dest}})) {
+                              keys %{$unified_info{shared_sources}->{$dest} // {}})) {
                foreach my $inc (@incs) {
                    unshift @{$unified_info{includes}->{$obj}->{$k}}, $inc
                        unless grep { $_ eq $inc } @{$unified_info{includes}->{$obj}->{$k}};
@ -2238,6 +2258,42 @@ EOF
                [ @{$unified_info{includes}->{$dest}->{source}} ];
        }
    }
    # For convenience collect information regarding directories where
    # files are generated, those generated files and the end product
    # they end up in where applicable.  Then, add build rules for those
    # directories
    my %loopinfo = ( "lib" => [ @{$unified_info{libraries}} ],
                     "dso" => [ @{$unified_info{engines}} ],
                     "bin" => [ @{$unified_info{programs}} ],
                     "script" => [ @{$unified_info{scripts}} ] );
    foreach my $type (keys %loopinfo) {
        foreach my $product (@{$loopinfo{$type}}) {
            my %dirs = ();
            my $pd = dirname($product);
            foreach (@{$unified_info{sources}->{$product} // []},
                     @{$unified_info{shared_sources}->{$product} // []}) {
                my $d = dirname($_);
                # We don't want to create targets for source directories
                # when building out of source
                next if ($config{sourcedir} ne $config{builddir}
                             && $d =~ m|^\Q$config{sourcedir}\E|);
                # We already have a "test" target, and the current directory
                # is just silly to make a target for
                next if $d eq "test" || $d eq ".";
                $dirs{$d} = 1;
                push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
                    if $d ne $pd;
            }
            foreach (keys %dirs) {
                push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
                    $product;
            }
        }
    }
 }
 # For the schemes that need it, we provide the old *_obj configs
@ -2712,10 +2768,16 @@ print <<"EOF";
 **********************************************************************
 ***                                                                ***
-***   If you want to report a building issue, please include the   ***
+***   OpenSSL has been successfully configured                     ***
 ***   output from this command:                                    ***
 ***                                                                ***
-***     perl configdata.pm --dump                                  ***
+***   If you encounter a problem while building, please open an    ***
 ***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
 ***   and include the output from the following command:           ***
 ***                                                                ***
 ***       perl configdata.pm --dump                                ***
 ***                                                                ***
 ***   (If you are new to OpenSSL, you might want to consult the    ***
 ***   'Troubleshooting' section in the INSTALL file first)         ***
 ***                                                                ***
 **********************************************************************
 EOF
--- a/43
+++ b/43
@ -326,6 +326,11 @@
                   Don't build support for datagram based BIOs. Selecting this
                   option will also force the disabling of DTLS.
  enable-devcryptoeng
                   Build the /dev/crypto engine.  It is automatically selected
                   on BSD implementations, in which case it can be disabled with
                   no-devcryptoeng.
  no-dso
                   Don't build support for loading Dynamic Shared Objects.
@ -402,6 +407,24 @@
  no-pic
                   Don't build with support for Position Independent Code.
  no-pinshared     By default OpenSSL will attempt to stay in memory until the
                   process exits. This is so that libcrypto and libssl can be
                   properly cleaned up automatically via an "atexit()" handler.
                   The handler is registered by libcrypto and cleans up both
                   libraries. On some platforms the atexit() handler will run on
                   unload of libcrypto (if it has been dynamically loaded)
                   rather than at process exit. This option can be used to stop
                   OpenSSL from attempting to stay in memory until the process
                   exits. This could lead to crashes if either libcrypto or
                   libssl have already been unloaded at the point
                   that the atexit handler is invoked, e.g. on a platform which
                   calls atexit() on unload of the library, and libssl is
                   unloaded before libcrypto then a crash is likely to happen.
                   Applications can suppress running of the atexit() handler at
                   run time by using the OPENSSL_INIT_NO_ATEXIT option to
                   OPENSSL_init_crypto(). See the man page for it for further
                   details.
  no-posix-io
                   Don't use POSIX IO capabilities.
@ -614,8 +637,8 @@
                                   Windows, and as a comma separated list of
                                   libraries on VMS.
                   RANLIB          The library archive indexer.
-                   RC              The Windows resources manipulator.
+                   RC              The Windows resource compiler.
-                   RCFLAGS         Flags for the Windows reources manipulator.
+                   RCFLAGS         Flags for the Windows resource compiler.
                   RM              The command to remove files and directories.
                   These cannot be mixed with compiling / linking flags given
@ -941,10 +964,10 @@
  *  COMPILING existing applications
-     OpenSSL 1.1.0 hides a number of structures that were previously
+     Starting with version 1.1.0, OpenSSL hides a number of structures
-     open.  This includes all internal libssl structures and a number
+     that were previously open.  This includes all internal libssl
-     of EVP types.  Accessor functions have been added to allow
+     structures and a number of EVP types.  Accessor functions have
-     controlled access to the structures' data.
+     been added to allow controlled access to the structures' data.
     This means that some software needs to be rewritten to adapt to
     the new ways of doing things.  This often amounts to allocating
@ -969,7 +992,7 @@
 BUILDFILE
                Use a different build file name than the platform default
-                ("Makefile" on Unixly platforms, "makefile" on native Windows,
+                ("Makefile" on Unix-like platforms, "makefile" on native Windows,
                "descrip.mms" on OpenVMS).  This requires that there is a
                corresponding build file template.  See Configurations/README
                for further information.
@ -1047,7 +1070,7 @@
 depend
                Rebuild the dependencies in the Makefiles. This is a legacy
-                option that no longer needs to be used in OpenSSL 1.1.0.
+                option that no longer needs to be used since OpenSSL 1.1.0.
 install
                Install all OpenSSL components.
@ -1171,7 +1194,7 @@
 part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
 the name.
- On most POSIXly platforms, shared libraries are named libcrypto.so.1.1
+ On most POSIX platforms, shared libraries are named libcrypto.so.1.1
 and libssl.so.1.1.
 on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
@ -1202,7 +1225,7 @@
 The seeding method can be configured using the --with-rand-seed option,
 which can be used to specify a comma separated list of seed methods.
 However in most cases OpenSSL will choose a suitable default method,
- so it is not necessary to explicitely provide this option. Note also
+ so it is not necessary to explicitly provide this option. Note also
 that not all methods are available on all platforms.
 I) On operating systems which provide a suitable randomness source (in
--- a/16
+++ b/16
@ -10,14 +10,14 @@
  ---------------
 /* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@ -72,21 +72,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@ -101,10 +101,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@ -116,7 +116,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
--- a/12
+++ b/12
@ -5,6 +5,18 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
  Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
      o Change the info callback signals for the start and end of a post-handshake
        message exchange in TLSv1.3.
      o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions
        of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
  Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
      o Timing vulnerability in DSA signature generation (CVE-2018-0734)
      o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
  Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
      o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
--- a/NOTES.ANDROID
+++ b/NOTES.ANDROID
@ -23,32 +23,40 @@
 platform. Though you still need to know the prefix to extend your PATH,
 in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail
 and give you a hint if you get it wrong.) Apart from PATH adjustment
- you need to set ANDROID_NDK environment to point at NDK directory
+ you need to set ANDROID_NDK_HOME environment to point at NDK directory
- as /some/where/android-ndk-<ver>. NDK customarily supports multiple
+ as /some/where/android-ndk-<ver>. Both variables are significant at both
- Android API levels, e.g. android-14, android-21, etc. By default latest 
+ configuration and compilation times. NDK customarily supports multiple
 Android API levels, e.g. android-14, android-21, etc. By default latest
 one available is chosen. If you need to target older platform, pass
 additional -D__ANDROID_API__=N to Configure. N is numeric value of the
 target platform version. For example, to compile for ICS on ARM with
 NDK 10d:
-    ANDROID_NDK=/some/where/android-ndk-10d
+    export ANDROID_NDK_HOME=/some/where/android-ndk-10d
-    PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
+    PATH=$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
    ./Configure android-arm -D__ANDROID_API__=14
    make
 Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
- variable set to $ANDROID_NDK/platforms/android-<api>/arch-<arch> to
+ variable set to $ANDROID_NDK_HOME/platforms/android-<api>/arch-<arch> to
 appoint headers-n-libraries' location. It's still recognized in order
 to facilitate migration from older projects. However, since API level
 appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in
 conflict, and mixing the two is therefore not supported. Migration to
 CROSS_SYSROOT-less setup is recommended.
- One can engage clang by adjusting PATH to cover NDK's clang. Just keep
+ One can engage clang by adjusting PATH to cover same NDK's clang. Just
- in mind that if you miss it, Configure will try to use gcc... Also,
+ keep in mind that if you miss it, Configure will try to use gcc...
- PATH would need even further adjustment to cover unprefixed, yet
+ Also, PATH would need even further adjustment to cover unprefixed, yet
 target-specific, ar and ranlib. It's possible that you don't need to
 bother, if binutils-multiarch is installed on your Linux system.
 Another option is to create so called "standalone toolchain" tailored
 for single specific platform including Android API level, and assign its
 location to ANDROID_NDK_HOME. In such case you have to pass matching
 target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH
 adjustment becomes simpler, $ANDROID_NDK_HOME/bin:$PATH suffices.
 Running tests (on Linux)
 ------------------------
--- a/NOTES.DJGPP
+++ b/NOTES.DJGPP
@ -1,5 +1,5 @@
- 
+
 INSTALLATION ON THE DOS PLATFORM WITH DJGPP
 -------------------------------------------
@ -29,7 +29,7 @@
 running "./Configure" with appropriate arguments:
 	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
- 
+
 And finally fire up "make". You may run out of DPMI selectors when
 running in a DOS box under Windows. If so, just close the BASH
 shell, go back to Windows, and restart BASH. Then run "make" again.
--- a/NOTES.VMS
+++ b/NOTES.VMS
@ -42,7 +42,7 @@
 for now is to rename the OpenSSL source directory, as follows (please
 adjust for the actual source directory name you have):
-    $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR 
+    $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
 About MMS and DCL
--- a/2
+++ b/2
@ -1,5 +1,5 @@
- OpenSSL 1.1.1 11 Sep 2018
+ OpenSSL 1.1.1b 26 Feb 2019
 Copyright (c) 1998-2018 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -26,7 +26,6 @@ void app_RAND_load_conf(CONF *c, const char *section)
    if (RAND_load_file(randfile, -1) < 0) {
        BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
        ERR_print_errors(bio_err);
        return;
    }
    if (save_rand_file == NULL)
        save_rand_file = OPENSSL_strdup(randfile);
--- a/apps/apps.c
+++ b/apps/apps.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -1561,7 +1561,7 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
 #else
    BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
 #endif
-    dbattr_conf = app_load_config(buf);
+    dbattr_conf = app_load_config_quiet(buf);
    retdb = app_malloc(sizeof(*retdb), "new DB");
    retdb->db = tmpdb;
@ -1831,6 +1831,12 @@ X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
                      opt_getprog(), typestr);
            continue;
        }
        if (*valstr == '\0') {
            BIO_printf(bio_err,
                       "%s: No value provided for Subject Attribute %s, skipped\n",
                       opt_getprog(), typestr);
            continue;
        }
        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
                                        valstr, strlen((char *)valstr),
                                        -1, ismulti ? -1 : 0))
@ -2190,7 +2196,7 @@ double app_tminterval(int stop, int usertime)
    return ret;
 }
-#elif defined(OPENSSL_SYSTEM_VXWORKS)
+#elif defined(OPENSSL_SYS_VXWORKS)
 # include <time.h>
 double app_tminterval(int stop, int usertime)
--- a/apps/apps.h
+++ b/apps/apps.h
@ -369,7 +369,7 @@ typedef struct string_int_pair_st {
 # define OPT_FMT_SMIME           (1L <<  3)
 # define OPT_FMT_ENGINE          (1L <<  4)
 # define OPT_FMT_MSBLOB          (1L <<  5)
-# define OPT_FMT_NETSCAPE        (1L <<  6)
+/* (1L <<  6) was OPT_FMT_NETSCAPE, but wasn't used */
 # define OPT_FMT_NSS             (1L <<  7)
 # define OPT_FMT_TEXT            (1L <<  8)
 # define OPT_FMT_HTTP            (1L <<  9)
@ -378,8 +378,8 @@ typedef struct string_int_pair_st {
 # define OPT_FMT_PDS     (OPT_FMT_PEMDER | OPT_FMT_SMIME)
 # define OPT_FMT_ANY     ( \
        OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
-        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NETSCAPE | \
+        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS   | \
-        OPT_FMT_NSS | OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+        OPT_FMT_TEXT   | OPT_FMT_HTTP   | OPT_FMT_PVK)
 char *opt_progname(const char *argv0);
 char *opt_getprog(void);
--- a/apps/ca.c
+++ b/apps/ca.c
@ -605,7 +605,7 @@ end_of_options:
        /*
         * outdir is a directory spec, but access() for VMS demands a
         * filename.  We could use the DEC C routine to convert the
-         * directory syntax to Unixly, and give that to app_isdir,
+         * directory syntax to Unix, and give that to app_isdir,
         * but for now the fopen will catch the error if it's not a
         * directory
         */
@ -976,7 +976,7 @@ end_of_options:
            BIO_printf(bio_err, "Write out database with %d new entries\n",
                       sk_X509_num(cert_sk));
-            if (!rand_ser
+            if (serialfile != NULL
                    && !save_serial(serialfile, "new", serial, NULL))
                goto end;
@ -1044,7 +1044,8 @@ end_of_options:
        if (sk_X509_num(cert_sk)) {
            /* Rename the database and the serial file */
-            if (!rotate_serial(serialfile, "new", "old"))
+            if (serialfile != NULL
                    && !rotate_serial(serialfile, "new", "old"))
                goto end;
            if (!rotate_index(dbfile, "new", "old"))
@ -1177,10 +1178,9 @@ end_of_options:
        }
        /* we have a CRL number that need updating */
-        if (crlnumberfile != NULL)
+        if (crlnumberfile != NULL
-            if (!rand_ser
+                && !save_serial(crlnumberfile, "new", crlnumber, NULL))
-                    && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+            goto end;
                goto end;
        BN_free(crlnumber);
        crlnumber = NULL;
@ -1195,9 +1195,10 @@ end_of_options:
        PEM_write_bio_X509_CRL(Sout, crl);
-        if (crlnumberfile != NULL) /* Rename the crlnumber file */
+        /* Rename the crlnumber file */
-            if (!rotate_serial(crlnumberfile, "new", "old"))
+        if (crlnumberfile != NULL
-                goto end;
+                && !rotate_serial(crlnumberfile, "new", "old"))
            goto end;
    }
    /*****************************************************************/
--- a/apps/ct_log_list.cnf
+++ b/apps/ct_log_list.cnf
@ -2,8 +2,8 @@
 # that are to be trusted.
 # Google's list of logs can be found here:
-#       www.certificate-transparency.org/known-logs 
+#       www.certificate-transparency.org/known-logs
 # A Python program to convert the log list to OpenSSL's format can be
 # found here:
-#       https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py 
+#       https://github.com/google/certificate-transparency/blob/master/python/utilities/log_list/print_log_list.py
 # Use the "--openssl_output" flag.
--- a/apps/demoSRP/srp_verifier.txt
+++ b/apps/demoSRP/srp_verifier.txt
@ -3,4 +3,4 @@
 # records starting with a I followed by the g and N values and the id.
 # The exact values ... you have to dig this out from the source of srp.c
 # or srp_vfy.c
-# The last value of an I is used as the default group for new users.  
+# The last value of an I is used as the default group for new users.
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@ -4,7 +4,7 @@ Sgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVtbVHCReSFtXZiXn7G9ExC6aY37WsL
 /1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR7OZTgf//////////AgEC
 -----END DH PARAMETERS-----
-These are the 1024-bit DH parameters from "Internet Key Exchange 
+These are the 1024-bit DH parameters from "Internet Key Exchange
 Protocol Version 2 (IKEv2)": https://tools.ietf.org/html/rfc5996
 See https://tools.ietf.org/html/rfc2412 for how they were generated.
--- a/apps/dh2048.pem
+++ b/apps/dh2048.pem
@ -7,8 +7,8 @@ fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq
 5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg==
 -----END DH PARAMETERS-----
-These are the 2048-bit DH parameters from "More Modular Exponential 
+These are the 2048-bit DH parameters from "More Modular Exponential
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
 https://tools.ietf.org/html/rfc3526
 See https://tools.ietf.org/html/rfc2412 for how they were generated.
--- a/apps/dh4096.pem
+++ b/apps/dh4096.pem
@ -12,8 +12,8 @@ ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O
 HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQI=
 -----END DH PARAMETERS-----
-These are the 4096-bit DH parameters from "More Modular Exponential 
+These are the 4096-bit DH parameters from "More Modular Exponential
-(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)": 
+(MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)":
 https://tools.ietf.org/html/rfc3526
 See https://tools.ietf.org/html/rfc2412 for how they were generated.
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -36,7 +36,21 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <openssl/x509v3.h>
 # include <openssl/rand.h>
-# if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_NO_SOCK) \
+#ifndef HAVE_FORK
 # if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
 #  define HAVE_FORK 0
 # else
 #  define HAVE_FORK 1
 # endif
 #endif
 #if HAVE_FORK
 # undef NO_FORK
 #else
 # define NO_FORK
 #endif
 # if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
     && !defined(OPENSSL_NO_POSIX_IO)
 #  define OCSP_DAEMON
 #  include <sys/types.h>
@ -53,6 +67,20 @@ NON_EMPTY_TRANSLATION_UNIT
 #  define LOG_ERR       2
 # endif
 # if defined(OPENSSL_SYS_VXWORKS)
 /* not supported */
 int setpgid(pid_t pid, pid_t pgid)
 {
    errno = ENOSYS;
    return 0;
 }
 /* not supported */
 pid_t fork(void)
 {
    errno = ENOSYS;
    return (pid_t) -1;
 }
 # endif
 /* Maximum leeway in validity period: default 5 minutes */
 # define MAX_VALIDITY_PERIOD    (5 * 60)
@ -863,6 +891,7 @@ static void killall(int ret, pid_t *kidpids)
    for (i = 0; i < multi; ++i)
        if (kidpids[i] != 0)
            (void)kill(kidpids[i], SIGTERM);
    OPENSSL_free(kidpids);
    sleep(1);
    exit(ret);
 }
@ -950,6 +979,7 @@ static void spawn_loop(void)
            sleep(30);
            break;
        case 0:             /* child */
            OPENSSL_free(kidpids);
            signal(SIGINT, SIG_DFL);
            signal(SIGTERM, SIG_DFL);
            if (termsig)
--- a/apps/openssl-vms.cnf
+++ b/apps/openssl-vms.cnf
@ -10,7 +10,6 @@
 # This definition stops the following lines choking if HOME isn't
 # defined.
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
 # Extra OBJECT IDENTIFIER info:
 #oid_file		= $ENV::HOME/.oid
@ -19,7 +18,7 @@ oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
 # X.509v3 extensions to use:
-# extensions		= 
+# extensions		=
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
@ -57,7 +56,6 @@ crlnumber	= $dir]crlnumber.	# the current crl number
 					# must be commented out to leave a V1 CRL
 crl		= $dir]crl.pem 		# The current CRL
 private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file
 x509_extensions	= usr_cert		# The extensions to add to the cert
@ -117,7 +115,7 @@ x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # input_password = secret
 # output_password = secret
-# This sets a mask for permitted string types. There are several options. 
+# This sets a mask for permitted string types. There are several options.
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
 # utf8only: only UTF8Strings (PKIX recommendation after 2004).
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@ -10,7 +10,6 @@
 # This definition stops the following lines choking if HOME isn't
 # defined.
 HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
 # Extra OBJECT IDENTIFIER info:
 #oid_file		= $ENV::HOME/.oid
@ -19,7 +18,7 @@ oid_section		= new_oids
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
 # X.509v3 extensions to use:
-# extensions		= 
+# extensions		=
 # (Alternatively, use a configuration file that has only
 # X.509v3 extensions in its main [= default] section.)
@ -57,7 +56,6 @@ crlnumber	= $dir/crlnumber	# the current crl number
 					# must be commented out to leave a V1 CRL
 crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 x509_extensions	= usr_cert		# The extensions to add to the cert
@ -117,7 +115,7 @@ x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 # input_password = secret
 # output_password = secret
-# This sets a mask for permitted string types. There are several options. 
+# This sets a mask for permitted string types. There are several options.
 # default: PrintableString, T61String, BMPString.
 # pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
 # utf8only: only UTF8Strings (PKIX recommendation after 2004).
--- a/apps/opt.c
+++ b/apps/opt.c
@ -168,7 +168,6 @@ static OPT_PAIR formats[] = {
    {"smime", OPT_FMT_SMIME},
    {"engine", OPT_FMT_ENGINE},
    {"msblob", OPT_FMT_MSBLOB},
    {"netscape", OPT_FMT_NETSCAPE},
    {"nss", OPT_FMT_NSS},
    {"text", OPT_FMT_TEXT},
    {"http", OPT_FMT_HTTP},
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -311,6 +311,13 @@ int pkcs12_main(int argc, char **argv)
    if (cpass != NULL) {
        mpass = cpass;
        noprompt = 1;
        if (twopass) {
            if (export_cert)
                BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
            else
                BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
            goto end;
        }
    } else {
        cpass = pass;
        mpass = macpass;
--- a/apps/rehash.c
+++ b/apps/rehash.c
@ -1,6 +1,6 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
- * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -51,6 +51,26 @@
 # endif
 # define MAX_COLLISIONS  256
 # if defined(OPENSSL_SYS_VXWORKS)
 /*
 * VxWorks has no symbolic links
 */
 #  define lstat(path, buf) stat(path, buf)
 int symlink(const char *target, const char *linkpath)
 {
    errno = ENOSYS;
    return -1;
 }
 ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
 {
    errno = ENOSYS;
    return -1;
 }
 # endif
 typedef struct hentry_st {
    struct hentry_st *next;
    char *filename;
--- a/apps/rsa.c
+++ b/apps/rsa.c
@ -38,8 +38,8 @@ typedef enum OPTION_choice {
 const OPTIONS rsa_options[] = {
    {"help", OPT_HELP, '-', "Display this summary"},
-    {"inform", OPT_INFORM, 'f', "Input format, one of DER NET PEM"},
+    {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
-    {"outform", OPT_OUTFORM, 'f', "Output format, one of DER NET PEM PVK"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
    {"in", OPT_IN, 's', "Input file"},
    {"out", OPT_OUT, '>', "Output file"},
    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
@ -269,6 +269,9 @@ int rsa_main(int argc, char **argv)
    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
        EVP_PKEY *pk;
        pk = EVP_PKEY_new();
        if (pk == NULL)
            goto end;
        EVP_PKEY_set1_RSA(pk, rsa);
        if (outformat == FORMAT_PVK) {
            if (pubin) {
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -24,7 +24,7 @@
 #define COOKIE_SECRET_LENGTH    16
-VERIFY_CB_ARGS verify_args = { 0, 0, X509_V_OK, 0 };
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
 #ifndef OPENSSL_NO_SOCK
 static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@ -63,7 +63,7 @@ int verify_callback(int ok, X509_STORE_CTX *ctx)
    if (!ok) {
        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
                   X509_verify_cert_error_string(err));
-        if (verify_args.depth >= depth) {
+        if (verify_args.depth < 0 || verify_args.depth >= depth) {
            if (!verify_args.return_error)
                ok = 1;
            verify_args.error = err;
@ -394,7 +394,8 @@ int ssl_print_groups(BIO *out, SSL *s, int noshared)
 int ssl_print_tmp_key(BIO *out, SSL *s)
 {
    EVP_PKEY *key;
-    if (!SSL_get_server_tmp_key(s, &key))
+
    if (!SSL_get_peer_tmp_key(s, &key))
        return 1;
    BIO_puts(out, "Server Temp Key: ");
    switch (EVP_PKEY_id(key)) {
--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2005 Nokia. All rights reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
@ -74,6 +74,7 @@ static void print_stuff(BIO *berr, SSL *con, int full);
 static int ocsp_resp_cb(SSL *s, void *arg);
 #endif
 static int ldap_ExtendedResponse_parse(const char *buf, long rem);
 static int is_dNS_name(const char *host);
 static int saved_errno;
@ -596,6 +597,7 @@ typedef enum OPTION_choice {
 #endif
    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
    OPT_ENABLE_PHA,
    OPT_SCTP_LABEL_BUG,
    OPT_R_ENUM
 } OPTION_CHOICE;
@ -750,6 +752,7 @@ const OPTIONS s_client_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
    {"sctp", OPT_SCTP, '-', "Use SCTP"},
    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
 #endif
 #ifndef OPENSSL_NO_SSL_TRACE
    {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
@ -976,6 +979,9 @@ int s_client_main(int argc, char **argv)
 #endif
    char *psksessf = NULL;
    int enable_pha = 0;
 #ifndef OPENSSL_NO_SCTP
    int sctp_label_bug = 0;
 #endif
    FD_ZERO(&readfds);
    FD_ZERO(&writefds);
@ -1121,6 +1127,7 @@ int s_client_main(int argc, char **argv)
                goto opthelp;
            break;
        case OPT_VERIFY_RET_ERROR:
            verify = SSL_VERIFY_PEER;
            verify_args.return_error = 1;
            break;
        case OPT_VERIFY_QUIET:
@ -1321,6 +1328,11 @@ int s_client_main(int argc, char **argv)
        case OPT_SCTP:
 #ifndef OPENSSL_NO_SCTP
            protocol = IPPROTO_SCTP;
 #endif
            break;
        case OPT_SCTP_LABEL_BUG:
 #ifndef OPENSSL_NO_SCTP
            sctp_label_bug = 1;
 #endif
            break;
        case OPT_TIMEOUT:
@ -1707,6 +1719,11 @@ int s_client_main(int argc, char **argv)
        }
    }
 #ifndef OPENSSL_NO_SCTP
    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
 #endif
    if (min_version != 0
        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
        goto end;
@ -1975,9 +1992,11 @@ int s_client_main(int argc, char **argv)
        SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
    if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
-        if (servername == NULL)
+        if (servername == NULL) {
-            servername = (host == NULL) ? "localhost" : host;
+            if(host == NULL || is_dNS_name(host)) 
-        if (!SSL_set_tlsext_host_name(con, servername)) {
+                servername = (host == NULL) ? "localhost" : host;
        }
        if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
            BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
            ERR_print_errors(bio_err);
            goto end;
@ -3031,9 +3050,7 @@ int s_client_main(int argc, char **argv)
                BIO_printf(bio_err, "RENEGOTIATING\n");
                SSL_renegotiate(con);
                cbuf_len = 0;
-            }
+	    } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
            if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
                    && cmdletters) {
                BIO_printf(bio_err, "KEYUPDATE\n");
                SSL_key_update(con,
@ -3459,4 +3476,69 @@ static int ldap_ExtendedResponse_parse(const char *buf, long rem)
    return ret;
 }
 /*
 * Host dNS Name verifier: used for checking that the hostname is in dNS format 
 * before setting it as SNI
 */
 static int is_dNS_name(const char *host)
 {
    const size_t MAX_LABEL_LENGTH = 63;
    size_t i;
    int isdnsname = 0;
    size_t length = strlen(host);
    size_t label_length = 0;
    int all_numeric = 1;
    /*
     * Deviation from strict DNS name syntax, also check names with '_'
     * Check DNS name syntax, any '-' or '.' must be internal,
     * and on either side of each '.' we can't have a '-' or '.'.
     *
     * If the name has just one label, we don't consider it a DNS name.
     */
    for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) {
        char c = host[i];
        if ((c >= 'a' && c <= 'z')
            || (c >= 'A' && c <= 'Z')
            || c == '_') {
            label_length += 1;
            all_numeric = 0;
            continue;
        }
        if (c >= '0' && c <= '9') {
            label_length += 1;
            continue;
        }
        /* Dot and hyphen cannot be first or last. */
        if (i > 0 && i < length - 1) {
            if (c == '-') {
                label_length += 1;
                continue;
            }
            /*
             * Next to a dot the preceding and following characters must not be
             * another dot or a hyphen.  Otherwise, record that the name is
             * plausible, since it has two or more labels.
             */
            if (c == '.'
                && host[i + 1] != '.'
                && host[i - 1] != '-'
                && host[i + 1] != '-') {
                label_length = 0;
                isdnsname = 1;
                continue;
            }
        }
        isdnsname = 0;
        break;
    }
    /* dNS name must not be all numeric and labels must be shorter than 64 characters. */
    isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH);
    return isdnsname;
 }
 #endif                          /* OPENSSL_NO_SOCK */
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
@ -193,9 +193,8 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
    if (strlen(psk_identity) != identity_len
            || memcmp(psk_identity, identity, identity_len) != 0) {
-        BIO_printf(bio_s_out,
+        *sess = NULL;
-                   "PSK warning: client identity not what we expected"
+        return 1;
                   " (got '%s' expected '%s')\n", identity, psk_identity);
    }
    if (psksess != NULL) {
@ -752,7 +751,7 @@ typedef enum OPTION_choice {
    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
    OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
-    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY,
+    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
    OPT_R_ENUM,
    OPT_S_ENUM,
    OPT_V_ENUM,
@ -939,6 +938,7 @@ const OPTIONS s_server_options[] = {
 #endif
 #ifndef OPENSSL_NO_SCTP
    {"sctp", OPT_SCTP, '-', "Use SCTP"},
    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
 #endif
 #ifndef OPENSSL_NO_DH
    {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
@ -1048,6 +1048,9 @@ int s_server_main(int argc, char *argv[])
    const char *keylog_file = NULL;
    int max_early_data = -1, recv_max_early_data = -1;
    char *psksessf = NULL;
 #ifndef OPENSSL_NO_SCTP
    int sctp_label_bug = 0;
 #endif
    /* Init of few remaining global variables */
    local_argc = argc;
@ -1408,7 +1411,7 @@ int s_server_main(int argc, char *argv[])
            for (p = psk_key = opt_arg(); *p; p++) {
                if (isxdigit(_UC(*p)))
                    continue;
-                BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
                goto end;
            }
            break;
@ -1489,6 +1492,11 @@ int s_server_main(int argc, char *argv[])
        case OPT_SCTP:
 #ifndef OPENSSL_NO_SCTP
            protocol = IPPROTO_SCTP;
 #endif
            break;
        case OPT_SCTP_LABEL_BUG:
 #ifndef OPENSSL_NO_SCTP
            sctp_label_bug = 1;
 #endif
            break;
        case OPT_TIMEOUT:
@ -1622,6 +1630,11 @@ int s_server_main(int argc, char *argv[])
        goto end;
    }
 #endif
    if (early_data && (www > 0 || rev)) {
        BIO_printf(bio_err,
                   "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
        goto end;
    }
 #ifndef OPENSSL_NO_SCTP
    if (protocol == IPPROTO_SCTP) {
@ -1788,6 +1801,12 @@ int s_server_main(int argc, char *argv[])
            goto end;
        }
    }
 #ifndef OPENSSL_NO_SCTP
    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
 #endif
    if (min_version != 0
        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
        goto end;
@ -2750,6 +2769,8 @@ static int init_ssl_connection(SSL *con)
                    BIO_ADDR_free(client);
                    return 0;
                }
                (void)BIO_ctrl_set_connected(wbio, client);
                BIO_ADDR_free(client);
                dtlslisten = 0;
            } else {
--- a/apps/speed.c
+++ b/apps/speed.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
@ -100,7 +100,7 @@
 #include <openssl/modes.h>
 #ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
 #  define HAVE_FORK 0
 # else
 #  define HAVE_FORK 1
@ -1499,11 +1499,11 @@ int speed_main(int argc, char **argv)
        {"nistp192", NID_X9_62_prime192v1, 192},
        {"nistp224", NID_secp224r1, 224},
        {"nistp256", NID_X9_62_prime256v1, 256},
-        {"nistp384", NID_secp384r1, 384}, 
+        {"nistp384", NID_secp384r1, 384},
        {"nistp521", NID_secp521r1, 521},
        /* Binary Curves */
        {"nistk163", NID_sect163k1, 163},
-        {"nistk233", NID_sect233k1, 233}, 
+        {"nistk233", NID_sect233k1, 233},
        {"nistk283", NID_sect283k1, 283},
        {"nistk409", NID_sect409k1, 409},
        {"nistk571", NID_sect571k1, 571},
@ -2896,7 +2896,7 @@ int speed_main(int argc, char **argv)
            if (rsa_count <= 1) {
                /* if longer than 10s, don't do any more */
-                for (testnum++; testnum < EC_NUM; testnum++)
+                for (testnum++; testnum < ECDSA_NUM; testnum++)
                    ecdsa_doit[testnum] = 0;
            }
        }
--- a/apps/verify.c
+++ b/apps/verify.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -286,16 +286,19 @@ static int cb(int ok, X509_STORE_CTX *ctx)
               cert_error,
               X509_STORE_CTX_get_error_depth(ctx),
               X509_verify_cert_error_string(cert_error));
        /*
         * Pretend that some errors are ok, so they don't stop further
         * processing of the certificate chain.  Setting ok = 1 does this.
         * After X509_verify_cert() is done, we verify that there were
         * no actual errors, even if the returned value was positive.
         */
        switch (cert_error) {
        case X509_V_ERR_NO_EXPLICIT_POLICY:
            policies_print(ctx);
            /* fall thru */
        case X509_V_ERR_CERT_HAS_EXPIRED:
-
+            /* Continue even if the leaf is a self signed cert */
            /*
             * since we are just checking the certificates, it is ok if they
             * are self signed. But we should still warn the user.
             */
        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
            /* Continue after extension errors too */
        case X509_V_ERR_INVALID_CA:
--- a/apps/x509.c
+++ b/apps/x509.c
@ -67,10 +67,10 @@ typedef enum OPTION_choice {
 const OPTIONS x509_options[] = {
    {"help", OPT_HELP, '-', "Display this summary"},
    {"inform", OPT_INFORM, 'f',
-     "Input format - default PEM (one of DER, NET or PEM)"},
+     "Input format - default PEM (one of DER or PEM)"},
    {"in", OPT_IN, '<', "Input file - default stdin"},
    {"outform", OPT_OUTFORM, 'f',
-     "Output format - default PEM (one of DER, NET or PEM)"},
+     "Output format - default PEM (one of DER or PEM)"},
    {"out", OPT_OUT, '>', "Output file - default stdout"},
    {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
    {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
--- a/18
+++ b/18
@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -19,7 +19,7 @@ THERE=`dirname $0`
 # pick up any command line args to config
 for i
 do
-case "$i" in 
+case "$i" in
 -d*) options=$options" --debug";;
 -t*) DRYRUN="true" VERBOSE="true";;
 -v*) VERBOSE="true";;
@ -59,7 +59,7 @@ __CNF_LDLIBS=
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
-# We need to work around FreeBSD 1.1.5.1 
+# We need to work around FreeBSD 1.1.5.1
 (
 XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
 if [ "x$XREL" != "x" ]; then
@ -363,7 +363,7 @@ esac
 # At this point we gone through all the one's
 # we know of: Punt
-echo "${MACHINE}-whatever-${SYSTEM}" 
+echo "${MACHINE}-whatever-${SYSTEM}"
 exit 0
 ) 2>/dev/null | (
@ -433,7 +433,7 @@ fi
 CCVER=${CCVER:-0}
-# read the output of the embedded GuessOS 
+# read the output of the embedded GuessOS
 read GUESSOS
 echo Operating system: $GUESSOS
@ -732,7 +732,7 @@ case "$GUESSOS" in
  *-*-[Uu]nix[Ww]are7)
 	if [ "$CC" = "gcc" ]; then
 	  OUT="unixware-7-gcc" ; options="$options no-sse2"
-	else    
+	else
 	  OUT="unixware-7" ; options="$options no-sse2"
 	  __CNF_CPPFLAGS="$__CNF_CPPFLAGS -D__i386__"
 	fi
@ -793,7 +793,7 @@ case "$GUESSOS" in
            OUT="aix64-gcc"
          fi
 	elif [ $OBJECT_MODE -eq 64 ]; then
-	    echo 'Your $OBJECT_MODE was found to be set to 64' 
+	    echo 'Your $OBJECT_MODE was found to be set to 64'
 	    OUT="aix64-cc"
 	else
 	    OUT="aix-cc"
@ -897,7 +897,7 @@ if [ ".$PERL" = . ] ; then
 	exit 1
 fi
-# run Configure to check to see if we need to specify the 
+# run Configure to check to see if we need to specify the
 # compiler for the platform ... in which case we add it on
 # the end ... otherwise we leave it off
@ -920,7 +920,7 @@ if [ $? = "0" ]; then
 	 __CNF_LDFLAGS="'$__CNF_LDFLAGS'" \
 	 __CNF_LDLIBS="'$__CNF_LDLIBS'" \
 	 $PERL $THERE/Configure $OUT $options
-  fi  
+  fi
  if [ "$DRYRUN" = "false" ]; then
    # eval to make sure quoted options, possibly with spaces inside,
    # are treated right
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
@ -51,7 +51,7 @@
 #endif
 /*
- * The POSIXly macro for the maximum number of characters in a file path is
+ * The POSIX macro for the maximum number of characters in a file path is
 * NAME_MAX.  However, some operating systems use PATH_MAX instead.
 * Therefore, it seems natural to first check for PATH_MAX and use that, and
 * if it doesn't exist, use NAME_MAX.
--- a/crypto/aes/asm/aes-x86_64.pl
+++ b/crypto/aes/asm/aes-x86_64.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -554,6 +554,7 @@ $code.=<<___;
 .type	_x86_64_AES_encrypt_compact,\@abi-omnipotent
 .align	16
 _x86_64_AES_encrypt_compact:
 .cfi_startproc
 	lea	128($sbox),$inp			# size optimization
 	mov	0-128($inp),$acc1		# prefetch Te4
 	mov	32-128($inp),$acc2
@ -587,6 +588,7 @@ $code.=<<___;
 	xor	8($key),$s2
 	xor	12($key),$s3
 	.byte	0xf3,0xc3			# rep ret
 .cfi_endproc
 .size	_x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact
 ___
@ -1161,6 +1163,7 @@ $code.=<<___;
 .type	_x86_64_AES_decrypt_compact,\@abi-omnipotent
 .align	16
 _x86_64_AES_decrypt_compact:
 .cfi_startproc
 	lea	128($sbox),$inp			# size optimization
 	mov	0-128($inp),$acc1		# prefetch Td4
 	mov	32-128($inp),$acc2
@ -1203,6 +1206,7 @@ $code.=<<___;
 	xor	8($key),$s2
 	xor	12($key),$s3
 	.byte	0xf3,0xc3			# rep ret
 .cfi_endproc
 .size	_x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact
 ___
@ -1365,6 +1369,7 @@ AES_set_encrypt_key:
 .type	_x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align	16
 _x86_64_AES_set_encrypt_key:
 .cfi_startproc
 	mov	%esi,%ecx			# %ecx=bits
 	mov	%rdi,%rsi			# %rsi=userKey
 	mov	%rdx,%rdi			# %rdi=key
@ -1546,6 +1551,7 @@ $code.=<<___;
 	mov	\$-1,%rax
 .Lexit:
 	.byte	0xf3,0xc3			# rep ret
 .cfi_endproc
 .size	_x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
 ___
@ -1728,7 +1734,9 @@ AES_cbc_encrypt:
 	cmp	\$0,%rdx	# check length
 	je	.Lcbc_epilogue
 	pushfq
-.cfi_push	49		# %rflags
+# This could be .cfi_push 49, but libunwind fails on registers it does not
 # recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
 .cfi_adjust_cfa_offset	8
 	push	%rbx
 .cfi_push	%rbx
 	push	%rbp
@ -1751,6 +1759,7 @@ AES_cbc_encrypt:
 	cmp	\$0,%r9
 	cmoveq	%r10,$sbox
 .cfi_remember_state
 	mov	OPENSSL_ia32cap_P(%rip),%r10d
 	cmp	\$$speed_limit,%rdx
 	jb	.Lcbc_slow_prologue
@ -1986,6 +1995,7 @@ AES_cbc_encrypt:
 #--------------------------- SLOW ROUTINE ---------------------------#
 .align	16
 .Lcbc_slow_prologue:
 .cfi_restore_state
 	# allocate aligned stack frame...
 	lea	-88(%rsp),%rbp
 	and	\$-64,%rbp
@ -1997,8 +2007,10 @@ AES_cbc_encrypt:
 	sub	%r10,%rbp
 	xchg	%rsp,%rbp
 .cfi_def_cfa_register	%rbp
 	#add	\$8,%rsp	# reserve for return address!
 	mov	%rbp,$_rsp	# save %rsp
 .cfi_cfa_expression	$_rsp,deref,+64
 .Lcbc_slow_body:
 	#mov	%rdi,$_inp	# save copy of inp
 	#mov	%rsi,$_out	# save copy of out
@ -2187,7 +2199,9 @@ AES_cbc_encrypt:
 .cfi_def_cfa	%rsp,16
 .Lcbc_popfq:
 	popfq
-.cfi_pop	49		# %rflags
+# This could be .cfi_pop 49, but libunwind fails on registers it does not
 # recognize. See https://bugzilla.redhat.com/show_bug.cgi?id=217087.
 .cfi_adjust_cfa_offset	-8
 .Lcbc_epilogue:
 	ret
 .cfi_endproc
--- a/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/aes/asm/aesni-x86_64.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -274,6 +274,7 @@ $code.=<<___;
 .type	${PREFIX}_encrypt,\@abi-omnipotent
 .align	16
 ${PREFIX}_encrypt:
 .cfi_startproc
 	movups	($inp),$inout0		# load input
 	mov	240($key),$rounds	# key->rounds
 ___
@ -284,12 +285,14 @@ $code.=<<___;
 	movups	$inout0,($out)		# output
 	 pxor	$inout0,$inout0
 	ret
 .cfi_endproc
 .size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
 .globl	${PREFIX}_decrypt
 .type	${PREFIX}_decrypt,\@abi-omnipotent
 .align	16
 ${PREFIX}_decrypt:
 .cfi_startproc
 	movups	($inp),$inout0		# load input
 	mov	240($key),$rounds	# key->rounds
 ___
@ -300,6 +303,7 @@ $code.=<<___;
 	movups	$inout0,($out)		# output
 	 pxor	$inout0,$inout0
 	ret
 .cfi_endproc
 .size	${PREFIX}_decrypt, .-${PREFIX}_decrypt
 ___
 }
@ -325,6 +329,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt2,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt2:
 .cfi_startproc
 	$movkey	($key),$rndkey0
 	shl	\$4,$rounds
 	$movkey	16($key),$rndkey1
@ -350,6 +355,7 @@ _aesni_${dir}rypt2:
 	aes${dir}last	$rndkey0,$inout0
 	aes${dir}last	$rndkey0,$inout1
 	ret
 .cfi_endproc
 .size	_aesni_${dir}rypt2,.-_aesni_${dir}rypt2
 ___
 }
@ -361,6 +367,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt3,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt3:
 .cfi_startproc
 	$movkey	($key),$rndkey0
 	shl	\$4,$rounds
 	$movkey	16($key),$rndkey1
@ -391,6 +398,7 @@ _aesni_${dir}rypt3:
 	aes${dir}last	$rndkey0,$inout1
 	aes${dir}last	$rndkey0,$inout2
 	ret
 .cfi_endproc
 .size	_aesni_${dir}rypt3,.-_aesni_${dir}rypt3
 ___
 }
@ -406,6 +414,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt4,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt4:
 .cfi_startproc
 	$movkey	($key),$rndkey0
 	shl	\$4,$rounds
 	$movkey	16($key),$rndkey1
@ -442,6 +451,7 @@ _aesni_${dir}rypt4:
 	aes${dir}last	$rndkey0,$inout2
 	aes${dir}last	$rndkey0,$inout3
 	ret
 .cfi_endproc
 .size	_aesni_${dir}rypt4,.-_aesni_${dir}rypt4
 ___
 }
@ -453,6 +463,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt6,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt6:
 .cfi_startproc
 	$movkey		($key),$rndkey0
 	shl		\$4,$rounds
 	$movkey		16($key),$rndkey1
@ -503,6 +514,7 @@ _aesni_${dir}rypt6:
 	aes${dir}last	$rndkey0,$inout4
 	aes${dir}last	$rndkey0,$inout5
 	ret
 .cfi_endproc
 .size	_aesni_${dir}rypt6,.-_aesni_${dir}rypt6
 ___
 }
@ -514,6 +526,7 @@ $code.=<<___;
 .type	_aesni_${dir}rypt8,\@abi-omnipotent
 .align	16
 _aesni_${dir}rypt8:
 .cfi_startproc
 	$movkey		($key),$rndkey0
 	shl		\$4,$rounds
 	$movkey		16($key),$rndkey1
@ -574,6 +587,7 @@ _aesni_${dir}rypt8:
 	aes${dir}last	$rndkey0,$inout6
 	aes${dir}last	$rndkey0,$inout7
 	ret
 .cfi_endproc
 .size	_aesni_${dir}rypt8,.-_aesni_${dir}rypt8
 ___
 }
@ -598,6 +612,7 @@ $code.=<<___;
 .type	aesni_ecb_encrypt,\@function,5
 .align	16
 aesni_ecb_encrypt:
 .cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0x58(%rsp),%rsp
@ -943,6 +958,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
 .cfi_endproc
 .size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
 ___
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -262,6 +262,7 @@ $code.=<<___;
 ${prefix}_set_decrypt_key:
 ___
 $code.=<<___	if ($flavour =~ /64/);
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 ___
@ -305,6 +306,7 @@ $code.=<<___	if ($flavour !~ /64/);
 ___
 $code.=<<___	if ($flavour =~ /64/);
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf		// autiasp
 	ret
 ___
 $code.=<<___;
--- a/crypto/aes/asm/bsaes-x86_64.pl
+++ b/crypto/aes/asm/bsaes-x86_64.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -816,6 +816,7 @@ $code.=<<___;
 .type	_bsaes_encrypt8,\@abi-omnipotent
 .align	64
 _bsaes_encrypt8:
 .cfi_startproc
 	lea	.LBS0(%rip), $const	# constants table
 	movdqa	($key), @XMM[9]		# round 0 key
@ -875,11 +876,13 @@ $code.=<<___;
 	pxor	@XMM[8], @XMM[0]
 	pxor	@XMM[8], @XMM[1]
 	ret
 .cfi_endproc
 .size	_bsaes_encrypt8,.-_bsaes_encrypt8
 .type	_bsaes_decrypt8,\@abi-omnipotent
 .align	64
 _bsaes_decrypt8:
 .cfi_startproc
 	lea	.LBS0(%rip), $const	# constants table
 	movdqa	($key), @XMM[9]		# round 0 key
@ -937,6 +940,7 @@ $code.=<<___;
 	pxor	@XMM[8], @XMM[0]
 	pxor	@XMM[8], @XMM[1]
 	ret
 .cfi_endproc
 .size	_bsaes_decrypt8,.-_bsaes_decrypt8
 ___
 }
@ -971,6 +975,7 @@ $code.=<<___;
 .type	_bsaes_key_convert,\@abi-omnipotent
 .align	16
 _bsaes_key_convert:
 .cfi_startproc
 	lea	.Lmasks(%rip), $const
 	movdqu	($inp), %xmm7		# load round 0 key
 	lea	0x10($inp), $inp
@ -1049,6 +1054,7 @@ _bsaes_key_convert:
 	movdqa	0x50($const), %xmm7	# .L63
 	#movdqa	%xmm6, ($out)		# don't save last round key
 	ret
 .cfi_endproc
 .size	_bsaes_key_convert,.-_bsaes_key_convert
 ___
 }
--- a/crypto/aes/asm/vpaes-armv8.pl
+++ b/crypto/aes/asm/vpaes-armv8.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -255,6 +255,7 @@ _vpaes_encrypt_core:
 .type	vpaes_encrypt,%function
 .align	4
 vpaes_encrypt:
 	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
@ -264,6 +265,7 @@ vpaes_encrypt:
 	st1	{v0.16b}, [$out]
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf			// autiasp
 	ret
 .size	vpaes_encrypt,.-vpaes_encrypt
@ -486,6 +488,7 @@ _vpaes_decrypt_core:
 .type	vpaes_decrypt,%function
 .align	4
 vpaes_decrypt:
 	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
@ -495,6 +498,7 @@ vpaes_decrypt:
 	st1	{v0.16b}, [$out]
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf			// autiasp
 	ret
 .size	vpaes_decrypt,.-vpaes_decrypt
@ -665,6 +669,7 @@ _vpaes_key_preheat:
 .type	_vpaes_schedule_core,%function
 .align	4
 _vpaes_schedule_core:
 	.inst	0xd503233f			// paciasp
 	stp	x29, x30, [sp,#-16]!
 	add	x29,sp,#0
@ -829,6 +834,7 @@ _vpaes_schedule_core:
 	eor	v6.16b, v6.16b, v6.16b		// vpxor	%xmm6,	%xmm6,	%xmm6
 	eor	v7.16b, v7.16b, v7.16b		// vpxor	%xmm7,	%xmm7,	%xmm7
 	ldp	x29, x30, [sp],#16
 	.inst	0xd50323bf			// autiasp
 	ret
 .size	_vpaes_schedule_core,.-_vpaes_schedule_core
@ -1041,6 +1047,7 @@ _vpaes_schedule_mangle:
 .type	vpaes_set_encrypt_key,%function
 .align	4
 vpaes_set_encrypt_key:
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@ -1056,6 +1063,7 @@ vpaes_set_encrypt_key:
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
@ -1063,6 +1071,7 @@ vpaes_set_encrypt_key:
 .type	vpaes_set_decrypt_key,%function
 .align	4
 vpaes_set_decrypt_key:
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@ -1082,6 +1091,7 @@ vpaes_set_decrypt_key:
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
 ___
@ -1098,6 +1108,7 @@ vpaes_cbc_encrypt:
 	cmp	w5, #0			// check direction
 	b.eq	vpaes_cbc_decrypt
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
@ -1120,6 +1131,7 @@ vpaes_cbc_encrypt:
 	st1	{v0.16b}, [$ivec]	// write ivec
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf		// autiasp
 .Lcbc_abort:
 	ret
 .size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
@ -1127,6 +1139,7 @@ vpaes_cbc_encrypt:
 .type	vpaes_cbc_decrypt,%function
 .align	4
 vpaes_cbc_decrypt:
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@ -1168,6 +1181,7 @@ vpaes_cbc_decrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
 ___
@ -1177,6 +1191,7 @@ $code.=<<___;
 .type	vpaes_ecb_encrypt,%function
 .align	4
 vpaes_ecb_encrypt:
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@ -1210,6 +1225,7 @@ vpaes_ecb_encrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
@ -1217,6 +1233,7 @@ vpaes_ecb_encrypt:
 .type	vpaes_ecb_decrypt,%function
 .align	4
 vpaes_ecb_decrypt:
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-16]!
 	add	x29,sp,#0
 	stp	d8,d9,[sp,#-16]!	// ABI spec says so
@ -1250,6 +1267,7 @@ vpaes_ecb_decrypt:
 	ldp	d10,d11,[sp],#16
 	ldp	d8,d9,[sp],#16
 	ldp	x29,x30,[sp],#16
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
 ___
--- a/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/aes/asm/vpaes-x86_64.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -91,6 +91,7 @@ $code.=<<___;
 .type	_vpaes_encrypt_core,\@abi-omnipotent
 .align 16
 _vpaes_encrypt_core:
 .cfi_startproc
 	mov	%rdx,	%r9
 	mov	\$16,	%r11
 	mov	240(%rdx),%eax
@ -171,6 +172,7 @@ _vpaes_encrypt_core:
 	pxor	%xmm4,	%xmm0	# 0 = A
 	pshufb	%xmm1,	%xmm0
 	ret
 .cfi_endproc
 .size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
 ##
@ -181,6 +183,7 @@ _vpaes_encrypt_core:
 .type	_vpaes_decrypt_core,\@abi-omnipotent
 .align	16
 _vpaes_decrypt_core:
 .cfi_startproc
 	mov	%rdx,	%r9		# load key
 	mov	240(%rdx),%eax
 	movdqa	%xmm9,	%xmm1
@ -277,6 +280,7 @@ _vpaes_decrypt_core:
 	pxor	%xmm4,	%xmm0	# 0 = A
 	pshufb	%xmm2,	%xmm0
 	ret
 .cfi_endproc
 .size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
 ########################################################
@ -287,6 +291,7 @@ _vpaes_decrypt_core:
 .type	_vpaes_schedule_core,\@abi-omnipotent
 .align	16
 _vpaes_schedule_core:
 .cfi_startproc
 	# rdi = key
 	# rsi = size in bits
 	# rdx = buffer
@ -453,6 +458,7 @@ _vpaes_schedule_core:
 	pxor	%xmm6,  %xmm6
 	pxor	%xmm7,  %xmm7
 	ret
 .cfi_endproc
 .size	_vpaes_schedule_core,.-_vpaes_schedule_core
 ##
@ -472,6 +478,7 @@ _vpaes_schedule_core:
 .type	_vpaes_schedule_192_smear,\@abi-omnipotent
 .align	16
 _vpaes_schedule_192_smear:
 .cfi_startproc
 	pshufd	\$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
 	pshufd	\$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
 	pxor	%xmm1,	%xmm6		# -> c+d c 0 0
@ -480,6 +487,7 @@ _vpaes_schedule_192_smear:
 	movdqa	%xmm6,	%xmm0
 	movhlps	%xmm1,	%xmm6		# clobber low side with zeros
 	ret
 .cfi_endproc
 .size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
 ##
@ -503,6 +511,7 @@ _vpaes_schedule_192_smear:
 .type	_vpaes_schedule_round,\@abi-omnipotent
 .align	16
 _vpaes_schedule_round:
 .cfi_startproc
 	# extract rcon from xmm8
 	pxor	%xmm1,	%xmm1
 	palignr	\$15,	%xmm8,	%xmm1
@ -556,6 +565,7 @@ _vpaes_schedule_low_round:
 	pxor	%xmm7,	%xmm0
 	movdqa	%xmm0,	%xmm7
 	ret
 .cfi_endproc
 .size	_vpaes_schedule_round,.-_vpaes_schedule_round
 ##
@ -570,6 +580,7 @@ _vpaes_schedule_low_round:
 .type	_vpaes_schedule_transform,\@abi-omnipotent
 .align	16
 _vpaes_schedule_transform:
 .cfi_startproc
 	movdqa	%xmm9,	%xmm1
 	pandn	%xmm0,	%xmm1
 	psrld	\$4,	%xmm1
@ -580,6 +591,7 @@ _vpaes_schedule_transform:
 	pshufb	%xmm1,	%xmm0
 	pxor	%xmm2,	%xmm0
 	ret
 .cfi_endproc
 .size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
 ##
@ -608,6 +620,7 @@ _vpaes_schedule_transform:
 .type	_vpaes_schedule_mangle,\@abi-omnipotent
 .align	16
 _vpaes_schedule_mangle:
 .cfi_startproc
 	movdqa	%xmm0,	%xmm4	# save xmm0 for later
 	movdqa	.Lk_mc_forward(%rip),%xmm5
 	test	%rcx, 	%rcx
@ -672,6 +685,7 @@ _vpaes_schedule_mangle:
 	and	\$0x30,	%r8
 	movdqu	%xmm3,	(%rdx)
 	ret
 .cfi_endproc
 .size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
 #
@ -681,6 +695,7 @@ _vpaes_schedule_mangle:
 .type	${PREFIX}_set_encrypt_key,\@function,3
 .align	16
 ${PREFIX}_set_encrypt_key:
 .cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@ -723,12 +738,14 @@ ___
 $code.=<<___;
 	xor	%eax,%eax
 	ret
 .cfi_endproc
 .size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
 .globl	${PREFIX}_set_decrypt_key
 .type	${PREFIX}_set_decrypt_key,\@function,3
 .align	16
 ${PREFIX}_set_decrypt_key:
 .cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@ -776,12 +793,14 @@ ___
 $code.=<<___;
 	xor	%eax,%eax
 	ret
 .cfi_endproc
 .size	${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key
 .globl	${PREFIX}_encrypt
 .type	${PREFIX}_encrypt,\@function,3
 .align	16
 ${PREFIX}_encrypt:
 .cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@ -819,12 +838,14 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
 .cfi_endproc
 .size	${PREFIX}_encrypt,.-${PREFIX}_encrypt
 .globl	${PREFIX}_decrypt
 .type	${PREFIX}_decrypt,\@function,3
 .align	16
 ${PREFIX}_decrypt:
 .cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0xb8(%rsp),%rsp
@ -862,6 +883,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
 .cfi_endproc
 .size	${PREFIX}_decrypt,.-${PREFIX}_decrypt
 ___
 {
@ -874,6 +896,7 @@ $code.=<<___;
 .type	${PREFIX}_cbc_encrypt,\@function,6
 .align	16
 ${PREFIX}_cbc_encrypt:
 .cfi_startproc
 	xchg	$key,$len
 ___
 ($len,$key)=($key,$len);
@ -944,6 +967,7 @@ ___
 $code.=<<___;
 .Lcbc_abort:
 	ret
 .cfi_endproc
 .size	${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
 ___
 }
@ -957,6 +981,7 @@ $code.=<<___;
 .type	_vpaes_preheat,\@abi-omnipotent
 .align	16
 _vpaes_preheat:
 .cfi_startproc
 	lea	.Lk_s0F(%rip), %r10
 	movdqa	-0x20(%r10), %xmm10	# .Lk_inv
 	movdqa	-0x10(%r10), %xmm11	# .Lk_inv+16
@ -966,6 +991,7 @@ _vpaes_preheat:
 	movdqa	0x50(%r10), %xmm15	# .Lk_sb2
 	movdqa	0x60(%r10), %xmm14	# .Lk_sb2+16
 	ret
 .cfi_endproc
 .size	_vpaes_preheat,.-_vpaes_preheat
 ########################################################
 ##                                                    ##
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -62,14 +62,12 @@ uint32_t OPENSSL_rdtsc(void)
 # if defined(__GNUC__) && __GNUC__>=2
 void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 # endif
-/*
+
- * Use a weak reference to getauxval() so we can use it if it is available but
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
- * don't break the build if it is not.
+#  if __GLIBC_PREREQ(2, 16)
- */
+#   include <sys/auxv.h>
-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__)
+#   define OSSL_IMPLEMENT_GETAUXVAL
-extern unsigned long getauxval(unsigned long type) __attribute__ ((weak));
+#  endif
 # else
 static unsigned long (*getauxval) (unsigned long) = NULL;
 # endif
 /*
@ -134,6 +132,33 @@ void OPENSSL_cpuid_setup(void)
     */
 # endif
    OPENSSL_armcap_P = 0;
 # ifdef OSSL_IMPLEMENT_GETAUXVAL
    if (getauxval(HWCAP) & HWCAP_NEON) {
        unsigned long hwcap = getauxval(HWCAP_CE);
        OPENSSL_armcap_P |= ARMV7_NEON;
        if (hwcap & HWCAP_CE_AES)
            OPENSSL_armcap_P |= ARMV8_AES;
        if (hwcap & HWCAP_CE_PMULL)
            OPENSSL_armcap_P |= ARMV8_PMULL;
        if (hwcap & HWCAP_CE_SHA1)
            OPENSSL_armcap_P |= ARMV8_SHA1;
        if (hwcap & HWCAP_CE_SHA256)
            OPENSSL_armcap_P |= ARMV8_SHA256;
 #  ifdef __aarch64__
        if (hwcap & HWCAP_CE_SHA512)
            OPENSSL_armcap_P |= ARMV8_SHA512;
 #  endif
    }
 # endif
    sigfillset(&all_masked);
    sigdelset(&all_masked, SIGILL);
    sigdelset(&all_masked, SIGTRAP);
@ -141,8 +166,6 @@ void OPENSSL_cpuid_setup(void)
    sigdelset(&all_masked, SIGBUS);
    sigdelset(&all_masked, SIGSEGV);
    OPENSSL_armcap_P = 0;
    memset(&ill_act, 0, sizeof(ill_act));
    ill_act.sa_handler = ill_handler;
    ill_act.sa_mask = all_masked;
@ -150,30 +173,9 @@ void OPENSSL_cpuid_setup(void)
    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
    sigaction(SIGILL, &ill_act, &ill_oact);
-    if (getauxval != NULL) {
+    /* If we used getauxval, we already have all the values */
-        if (getauxval(HWCAP) & HWCAP_NEON) {
+# ifndef OSSL_IMPLEMENT_GETAUXVAL
-            unsigned long hwcap = getauxval(HWCAP_CE);
+    if (sigsetjmp(ill_jmp, 1) == 0) {
            OPENSSL_armcap_P |= ARMV7_NEON;
            if (hwcap & HWCAP_CE_AES)
                OPENSSL_armcap_P |= ARMV8_AES;
            if (hwcap & HWCAP_CE_PMULL)
                OPENSSL_armcap_P |= ARMV8_PMULL;
            if (hwcap & HWCAP_CE_SHA1)
                OPENSSL_armcap_P |= ARMV8_SHA1;
            if (hwcap & HWCAP_CE_SHA256)
                OPENSSL_armcap_P |= ARMV8_SHA256;
 # ifdef __aarch64__
            if (hwcap & HWCAP_CE_SHA512)
                OPENSSL_armcap_P |= ARMV8_SHA512;
 # endif
        }
    } else if (sigsetjmp(ill_jmp, 1) == 0) {
        _armv7_neon_probe();
        OPENSSL_armcap_P |= ARMV7_NEON;
        if (sigsetjmp(ill_jmp, 1) == 0) {
@ -191,13 +193,16 @@ void OPENSSL_cpuid_setup(void)
            _armv8_sha256_probe();
            OPENSSL_armcap_P |= ARMV8_SHA256;
        }
-# if defined(__aarch64__) && !defined(__APPLE__)
+#  if defined(__aarch64__) && !defined(__APPLE__)
        if (sigsetjmp(ill_jmp, 1) == 0) {
            _armv8_sha512_probe();
            OPENSSL_armcap_P |= ARMV8_SHA512;
        }
-# endif
+#  endif
    }
 # endif
    /* Things that getauxval didn't tell us */
    if (sigsetjmp(ill_jmp, 1) == 0) {
        _armv7_tick();
        OPENSSL_armcap_P |= ARMV7_TICK;
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@ -23,18 +23,22 @@
 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
                unsigned char *md, unsigned int *len)
 {
-    int i;
+    int inl;
    unsigned char *str, *p;
-    i = i2d(data, NULL);
+    inl = i2d(data, NULL);
-    if ((str = OPENSSL_malloc(i)) == NULL) {
+    if (inl <= 0) {
        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR);
        return 0;
    }
    if ((str = OPENSSL_malloc(inl)) == NULL) {
        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    p = str;
    i2d(data, &p);
-    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+    if (!EVP_Digest(str, inl, md, len, type, NULL)) {
        OPENSSL_free(str);
        return 0;
    }
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@ -29,7 +29,8 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
 {
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
-    int i, inl = 0, outl = 0, outll = 0;
+    int i, inl = 0, outl = 0;
    size_t inll = 0, outll = 0;
    X509_ALGOR *a;
    if (ctx == NULL) {
@ -70,10 +71,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
        }
    }
    inl = i2d(data, NULL);
-    buf_in = OPENSSL_malloc((unsigned int)inl);
+    if (inl <= 0) {
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inll = (size_t)inl;
    buf_in = OPENSSL_malloc(inll);
    outll = outl = EVP_PKEY_size(pkey);
-    buf_out = OPENSSL_malloc((unsigned int)outl);
+    buf_out = OPENSSL_malloc(outll);
-    if ((buf_in == NULL) || (buf_out == NULL)) {
+    if (buf_in == NULL || buf_out == NULL) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
        goto err;
@ -101,7 +107,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
    EVP_MD_CTX_free(ctx);
-    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_in, inll);
    OPENSSL_clear_free((char *)buf_out, outll);
    return outl;
 }
@ -138,7 +144,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
    EVP_PKEY *pkey;
    unsigned char *buf_in = NULL, *buf_out = NULL;
    size_t inl = 0, outl = 0, outll = 0;
-    int signid, paramtype;
+    int signid, paramtype, buf_len = 0;
    int rv;
    type = EVP_MD_CTX_md(ctx);
@ -198,10 +204,16 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
    }
-    inl = ASN1_item_i2d(asn, &buf_in, it);
+    buf_len = ASN1_item_i2d(asn, &buf_in, it);
    if (buf_len <= 0) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    inl = buf_len;
    outll = outl = EVP_PKEY_size(pkey);
-    buf_out = OPENSSL_malloc((unsigned int)outl);
+    buf_out = OPENSSL_malloc(outll);
-    if ((buf_in == NULL) || (buf_out == NULL)) {
+    if (buf_in == NULL || buf_out == NULL) {
        outl = 0;
        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
        goto err;
@ -223,7 +235,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
 err:
-    OPENSSL_clear_free((char *)buf_in, (unsigned int)inl);
+    OPENSSL_clear_free((char *)buf_in, inl);
    OPENSSL_clear_free((char *)buf_out, outll);
    return outl;
 }
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@ -48,6 +48,10 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
    }
    inl = i2d(data, NULL);
    if (inl <= 0) {
        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    buf_in = OPENSSL_malloc((unsigned int)inl);
    if (buf_in == NULL) {
        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
@ -87,8 +91,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
    EVP_MD_CTX *ctx = NULL;
    unsigned char *buf_in = NULL;
    int ret = -1, inl = 0;
    int mdnid, pknid;
    size_t inll = 0;
    if (!pkey) {
        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
@ -127,8 +131,8 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
            goto err;
        ret = -1;
    } else {
-        const EVP_MD *type;
+        const EVP_MD *type = EVP_get_digestbynid(mdnid);
-        type = EVP_get_digestbynid(mdnid);
+
        if (type == NULL) {
            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
                    ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
@ -150,11 +154,15 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
    }
    inl = ASN1_item_i2d(asn, &buf_in, it);
-
+    if (inl <= 0) {
        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    if (buf_in == NULL) {
        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    inll = inl;
    ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length,
                           buf_in, inl);
@ -164,7 +172,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
    }
    ret = 1;
 err:
-    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+    OPENSSL_clear_free(buf_in, inll);
    EVP_MD_CTX_free(ctx);
    return ret;
 }
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@ -140,6 +140,22 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
 {
    EVP_PKEY_ASN1_METHOD tmp = { 0, };
    /*
     * One of the following must be true:
     *
     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
     *
     * Anything else is an error and may lead to a corrupt ASN1 method table
     */
    if (!((ameth->pem_str == NULL
           && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
          || (ameth->pem_str != NULL
              && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }
    if (app_methods == NULL) {
        app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
        if (app_methods == NULL)
@ -216,18 +232,6 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
            goto err;
    }
    /*
     * One of the following must be true:
     *
     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
     *
     * Anything else is an error and may lead to a corrupt ASN1 method table
     */
    if (!((pem_str == NULL && (flags & ASN1_PKEY_ALIAS) != 0)
          || (pem_str != NULL && (flags & ASN1_PKEY_ALIAS) == 0)))
        goto err;
    if (pem_str) {
        ameth->pem_str = OPENSSL_strdup(pem_str);
        if (!ameth->pem_str)
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/asn1/charmap.pl
 *
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -32,7 +32,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
    } else
        ret = *a;
-    if (!EVP_PKEY_set_type(ret, type)) {
+    if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
        goto err;
    }
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
@ -17,7 +17,8 @@
 # include <unistd.h>
-# if _POSIX_VERSION >= 200112L
+# if _POSIX_VERSION >= 200112L \
     && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
 # include <pthread.h>
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -782,7 +782,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
                 * anyway [above getaddrinfo/gai_strerror is]. We just let
                 * system administrator figure this out...
                 */
 # if defined(OPENSSL_SYS_VXWORKS)
                /* h_errno doesn't exist on VxWorks */
                SYSerr(SYS_F_GETHOSTBYNAME, 1000 );
 # else
                SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
 # endif
 #else
                SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
 #endif
--- a/crypto/bio/b_sock2.c
+++ b/crypto/bio/b_sock2.c
@ -133,7 +133,9 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
 */
 int BIO_bind(int sock, const BIO_ADDR *addr, int options)
 {
 # ifndef OPENSSL_SYS_WINDOWS
    int on = 1;
 # endif
    if (sock == -1) {
        BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@ -52,7 +52,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
        argi = (int)len;
    }
-    if (inret && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+    if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
        if (*processed > INT_MAX)
            return -1;
        inret = *processed;
@ -60,7 +60,7 @@ static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
    ret = b->callback(b, oper, argp, argi, argl, inret);
-    if (ret >= 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+    if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
        *processed = (size_t)ret;
        ret = 1;
    }
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -253,9 +253,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
            }
 #  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
            int fd = fileno((FILE *)ptr);
-            if (num & BIO_FP_TEXT)
+            if (!(num & BIO_FP_TEXT))
                setmode(fd, O_TEXT);
            else
                setmode(fd, O_BINARY);
 #  endif
        }
@ -279,11 +277,14 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
            ret = 0;
            break;
        }
-#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
        if (!(num & BIO_FP_TEXT))
            OPENSSL_strlcat(p, "b", sizeof(p));
        else
            OPENSSL_strlcat(p, "t", sizeof(p));
 #  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
        if (!(num & BIO_FP_TEXT))
            OPENSSL_strlcat(p, "b", sizeof(p));
 #  endif
        fp = openssl_fopen(ptr, p);
        if (fp == NULL) {
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@ -408,4 +408,9 @@ static void xcloselog(BIO *bp)
 # endif                         /* Unix */
 #else                           /* NO_SYSLOG */
 const BIO_METHOD *BIO_s_log(void)
 {
    return NULL;
 }
 #endif                          /* NO_SYSLOG */
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -20,7 +20,7 @@ static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int mem_new(BIO *h);
 static int secmem_new(BIO *h);
 static int mem_free(BIO *data);
-static int mem_buf_free(BIO *data, int free_all);
+static int mem_buf_free(BIO *data);
 static int mem_buf_sync(BIO *h);
 static const BIO_METHOD mem_method = {
@ -140,10 +140,20 @@ static int secmem_new(BIO *bi)
 static int mem_free(BIO *a)
 {
-    return mem_buf_free(a, 1);
+    BIO_BUF_MEM *bb;
    if (a == NULL)
        return 0;
    bb = (BIO_BUF_MEM *)a->ptr;
    if (!mem_buf_free(a))
        return 0;
    OPENSSL_free(bb->readp);
    OPENSSL_free(bb);
    return 1;
 }
-static int mem_buf_free(BIO *a, int free_all)
+static int mem_buf_free(BIO *a)
 {
    if (a == NULL)
        return 0;
@ -155,11 +165,6 @@ static int mem_buf_free(BIO *a, int free_all)
        if (a->flags & BIO_FLAGS_MEM_RDONLY)
            b->data = NULL;
        BUF_MEM_free(b);
        if (free_all) {
            OPENSSL_free(bb->readp);
            OPENSSL_free(bb);
        }
        a->ptr = NULL;
    }
    return 1;
 }
@ -266,11 +271,10 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
        }
        break;
    case BIO_C_SET_BUF_MEM:
-        mem_buf_free(b, 0);
+        mem_buf_free(b);
        b->shutdown = (int)num;
        bbm->buf = ptr;
        *bbm->readp = *bbm->buf;
        b->ptr = bbm;
        break;
    case BIO_C_GET_BUF_MEM_PTR:
        if (ptr != NULL) {
--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -287,6 +287,7 @@ __bn_sqr8x_mont:
 	cmp	$ap,$bp
 	b.ne	__bn_mul4x_mont
 .Lsqr8x_mont:
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@ -1040,6 +1041,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldr	x29,[sp],#128
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
 ___
@ -1063,6 +1065,7 @@ $code.=<<___;
 .type	__bn_mul4x_mont,%function
 .align	5
 __bn_mul4x_mont:
 	.inst	0xd503233f		// paciasp
 	stp	x29,x30,[sp,#-128]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
@ -1496,6 +1499,7 @@ __bn_mul4x_mont:
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldr	x29,[sp],#128
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	__bn_mul4x_mont,.-__bn_mul4x_mont
 ___
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
@ -3,7 +3,7 @@
 .ident	"ia64.S, Version 2.1"
 .ident	"IA-64 ISA artwork by Andy Polyakov <appro@openssl.org>"
-// Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@ -48,7 +48,7 @@
 // on Itanium2! What to do? Reschedule loops for Itanium2? But then
 // Itanium would exhibit anti-scalability. So I've chosen to reschedule
 // for worst latency for every instruction aiming for best *all-round*
-// performance.  
+// performance.
 // Q.	How much faster does it get?
 // A.	Here is the output from 'openssl speed rsa dsa' for vanilla
@ -472,7 +472,7 @@ bn_mul_add_words:
 .global	bn_sqr_words#
 .proc	bn_sqr_words#
 .align	64
-.skip	32	// makes the loop body aligned at 64-byte boundary 
+.skip	32	// makes the loop body aligned at 64-byte boundary
 bn_sqr_words:
 	.prologue
 	.save	ar.pfs,r2
--- a/crypto/bn/asm/mips.pl
+++ b/crypto/bn/asm/mips.pl
@ -798,6 +798,11 @@ $code.=<<___;
 	move	$a0,$v0
 .end	bn_sub_words_internal
 #if 0
 /*
 * The bn_div_3_words entry point is re-used for constant-time interface.
 * Implementation is retained as hystorical reference.
 */
 .align 5
 .globl	bn_div_3_words
 .ent	bn_div_3_words
@ -877,6 +882,7 @@ $code.=<<___;
 	jr	$ra
 	move	$a0,$v0
 .end	bn_div_3_words_internal
 #endif
 .align	5
 .globl	bn_div_words
--- a/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/bn/asm/rsaz-avx2.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2012, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
@ -1492,6 +1492,7 @@ $code.=<<___;
 .type	rsaz_1024_red2norm_avx2,\@abi-omnipotent
 .align	32
 rsaz_1024_red2norm_avx2:
 .cfi_startproc
 	sub	\$-128,$inp	# size optimization
 	xor	%rax,%rax
 ___
@ -1525,12 +1526,14 @@ ___
 }
 $code.=<<___;
 	ret
 .cfi_endproc
 .size	rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2
 .globl	rsaz_1024_norm2red_avx2
 .type	rsaz_1024_norm2red_avx2,\@abi-omnipotent
 .align	32
 rsaz_1024_norm2red_avx2:
 .cfi_startproc
 	sub	\$-128,$out	# size optimization
 	mov	($inp),@T[0]
 	mov	\$0x1fffffff,%eax
@ -1562,6 +1565,7 @@ $code.=<<___;
 	mov	@T[0],`8*($j+2)-128`($out)
 	mov	@T[0],`8*($j+3)-128`($out)
 	ret
 .cfi_endproc
 .size	rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2
 ___
 }
@ -1573,6 +1577,7 @@ $code.=<<___;
 .type	rsaz_1024_scatter5_avx2,\@abi-omnipotent
 .align	32
 rsaz_1024_scatter5_avx2:
 .cfi_startproc
 	vzeroupper
 	vmovdqu	.Lscatter_permd(%rip),%ymm5
 	shl	\$4,$power
@ -1592,6 +1597,7 @@ rsaz_1024_scatter5_avx2:
 	vzeroupper
 	ret
 .cfi_endproc
 .size	rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2
 .globl	rsaz_1024_gather5_avx2
--- a/crypto/bn/asm/sparcv8plus.S
+++ b/crypto/bn/asm/sparcv8plus.S
@ -3,7 +3,7 @@
 /*
 * ====================================================================
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -154,9 +154,9 @@
  .register	%g2,#scratch
  .register	%g3,#scratch
 # define	FRAME_SIZE	-192
-#else 
+#else
 # define	FRAME_SIZE	-96
-#endif 
+#endif
 /*
 * GNU assembler can't stand stuw:-(
 */
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -64,12 +64,6 @@
 *    machine.
 */
 # if defined(_WIN64) || !defined(__LP64__)
 #  define BN_ULONG unsigned long long
 # else
 #  define BN_ULONG unsigned long
 # endif
 # undef mul
 # undef mul_add
--- a/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/bn/asm/x86_64-mont5.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -2910,6 +2910,7 @@ bn_powerx5:
 .align	32
 bn_sqrx8x_internal:
 __bn_sqrx8x_internal:
 .cfi_startproc
 	##################################################################
 	# Squaring part:
 	#
@ -3542,6 +3543,7 @@ __bn_sqrx8x_reduction:
 	cmp	8+8(%rsp),%r8		# end of t[]?
 	jb	.Lsqrx8x_reduction_loop
 	ret
 .cfi_endproc
 .size	bn_sqrx8x_internal,.-bn_sqrx8x_internal
 ___
 }
--- a/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -227,6 +227,8 @@ BIGNUM *BN_CTX_get(BN_CTX *ctx)
    }
    /* OK, make sure the returned bignum is "zero" */
    BN_zero(ret);
    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
    ret->flags &= (~BN_FLG_CONSTTIME);
    ctx->used++;
    CTXDBG_RET(ctx, ret);
    return ret;
@ -256,7 +258,7 @@ static int BN_STACK_push(BN_STACK *st, unsigned int idx)
        unsigned int newsize =
            st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
        unsigned int *newitems;
-        
+
        if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
            BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
            return 0;
@ -310,7 +312,7 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
    /* Full; allocate a new pool item and link it in. */
    if (p->used == p->size) {
        BN_POOL_ITEM *item;
-        
+
        if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
            BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
            return NULL;
--- a/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -40,7 +40,7 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
        goto err;
    /* we have a prime :-) */
-    return ret;
+    return rnd;
 err:
    BN_free(rnd);
    return NULL;
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@ -7,6 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
 #include <assert.h>
 #include <openssl/bn.h>
 #include "internal/cryptlib.h"
 #include "bn_lcl.h"
@ -86,6 +87,77 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 #else
 # if defined(BN_DIV3W)
 BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0);
 # elif 0
 /*
 * This is #if-ed away, because it's a reference for assembly implementations,
 * where it can and should be made constant-time. But if you want to test it,
 * just replace 0 with 1.
 */
 #  if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
 #   undef BN_ULLONG
 #   define BN_ULLONG __uint128_t
 #   define BN_LLONG
 #  endif
 #  ifdef BN_LLONG
 #   define BN_DIV3W
 /*
 * Interface is somewhat quirky, |m| is pointer to most significant limb,
 * and less significant limb is referred at |m[-1]|. This means that caller
 * is responsible for ensuring that |m[-1]| is valid. Second condition that
 * has to be met is that |d0|'s most significant bit has to be set. Or in
 * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top
 * does all this. The subroutine considers four limbs, two of which are
 * "overlapping," hence the name...
 */
 static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0)
 {
    BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1];
    BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1;
    BN_ULONG Q = 0, mask;
    int i;
    for (i = 0; i < BN_BITS2; i++) {
        Q <<= 1;
        if (R >= D) {
            Q |= 1;
            R -= D;
        }
        D >>= 1;
    }
    mask = 0 - (Q >> (BN_BITS2 - 1));   /* does it overflow? */
    Q <<= 1;
    Q |= (R >= D);
    return (Q | mask) & BN_MASK2;
 }
 #  endif
 # endif
 static int bn_left_align(BIGNUM *num)
 {
    BN_ULONG *d = num->d, n, m, rmask;
    int top = num->top;
    int rshift = BN_num_bits_word(d[top - 1]), lshift, i;
    lshift = BN_BITS2 - rshift;
    rshift %= BN_BITS2;            /* say no to undefined behaviour */
    rmask = (BN_ULONG)0 - rshift;  /* rmask = 0 - (rshift != 0) */
    rmask |= rmask >> 8;
    for (i = 0, m = 0; i < top; i++) {
        n = d[i];
        d[i] = ((n << lshift) | m) & BN_MASK2;
        m = (n >> rshift) & rmask;
    }
    return lshift;
 }
 # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
    && !defined(PEDANTIC) && !defined(BN_DIV3W)
 #  if defined(__GNUC__) && __GNUC__>=2
@ -137,56 +209,74 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
           BN_CTX *ctx)
 {
-    int norm_shift, i, loop;
+    int ret;
    BIGNUM *tmp, wnum, *snum, *sdiv, *res;
    BN_ULONG *resp, *wnump;
    BN_ULONG d0, d1;
    int num_n, div_n;
    int no_branch = 0;
    /*
     * Invalid zero-padding would have particularly bad consequences so don't
     * just rely on bn_check_top() here (bn_check_top() works only for
     * BN_DEBUG builds)
     */
    if ((num->top > 0 && num->d[num->top - 1] == 0) ||
        (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) {
        BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
        return 0;
    }
    bn_check_top(num);
    bn_check_top(divisor);
    if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
        || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
        no_branch = 1;
    }
    bn_check_top(dv);
    bn_check_top(rm);
    /*- bn_check_top(num); *//*
     * 'num' has been checked already
     */
    /*- bn_check_top(divisor); *//*
     * 'divisor' has been checked already
     */
    if (BN_is_zero(divisor)) {
        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
        return 0;
    }
-    if (!no_branch && BN_ucmp(num, divisor) < 0) {
+    /*
-        if (rm != NULL) {
+     * Invalid zero-padding would have particularly bad consequences so don't
-            if (BN_copy(rm, num) == NULL)
+     * just rely on bn_check_top() here (bn_check_top() works only for
-                return 0;
+     * BN_DEBUG builds)
-        }
+     */
-        if (dv != NULL)
+    if (divisor->d[divisor->top - 1] == 0) {
-            BN_zero(dv);
+        BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
-        return 1;
+        return 0;
    }
    ret = bn_div_fixed_top(dv, rm, num, divisor, ctx);
    if (ret) {
        if (dv != NULL)
            bn_correct_top(dv);
        if (rm != NULL)
            bn_correct_top(rm);
    }
    return ret;
 }
 /*
 * It's argued that *length* of *significant* part of divisor is public.
 * Even if it's private modulus that is. Again, *length* is assumed
 * public, but not *value*. Former is likely to be pre-defined by
 * algorithm with bit granularity, though below subroutine is invariant
 * of limb length. Thanks to this assumption we can require that |divisor|
 * may not be zero-padded, yet claim this subroutine "constant-time"(*).
 * This is because zero-padded dividend, |num|, is tolerated, so that
 * caller can pass dividend of public length(*), but with smaller amount
 * of significant limbs. This naturally means that quotient, |dv|, would
 * contain correspongly less significant limbs as well, and will be zero-
 * padded accordingly. Returned remainder, |rm|, will have same bit length
 * as divisor, also zero-padded if needed. These actually leave sign bits
 * in ambiguous state. In sense that we try to avoid negative zeros, while
 * zero-padded zeros would retain sign.
 *
 * (*) "Constant-time-ness" has two pre-conditions:
 *
 *     - availability of constant-time bn_div_3_words;
 *     - dividend is at least as "wide" as divisor, limb-wise, zero-padded
 *       if so requied, which shouldn't be a privacy problem, because
 *       divisor's length is considered public;
 */
 int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
                     const BIGNUM *divisor, BN_CTX *ctx)
 {
    int norm_shift, i, j, loop;
    BIGNUM *tmp, *snum, *sdiv, *res;
    BN_ULONG *resp, *wnum, *wnumtop;
    BN_ULONG d0, d1;
    int num_n, div_n;
    assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
    bn_check_top(num);
    bn_check_top(divisor);
    bn_check_top(dv);
    bn_check_top(rm);
    BN_CTX_start(ctx);
    res = (dv == NULL) ? BN_CTX_get(ctx) : dv;
    tmp = BN_CTX_get(ctx);
@ -196,113 +286,72 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        goto err;
    /* First we normalise the numbers */
-    norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+    if (!BN_copy(sdiv, divisor))
    if (!(BN_lshift(sdiv, divisor, norm_shift)))
        goto err;
    norm_shift = bn_left_align(sdiv);
    sdiv->neg = 0;
-    norm_shift += BN_BITS2;
+    /*
-    if (!(BN_lshift(snum, num, norm_shift)))
+     * Note that bn_lshift_fixed_top's output is always one limb longer
     * than input, even when norm_shift is zero. This means that amount of
     * inner loop iterations is invariant of dividend value, and that one
     * doesn't need to compare dividend and divisor if they were originally
     * of the same bit length.
     */
    if (!(bn_lshift_fixed_top(snum, num, norm_shift)))
        goto err;
    snum->neg = 0;
    if (no_branch) {
        /*
         * Since we don't know whether snum is larger than sdiv, we pad snum
         * with enough zeroes without changing its value.
         */
        if (snum->top <= sdiv->top + 1) {
            if (bn_wexpand(snum, sdiv->top + 2) == NULL)
                goto err;
            for (i = snum->top; i < sdiv->top + 2; i++)
                snum->d[i] = 0;
            snum->top = sdiv->top + 2;
        } else {
            if (bn_wexpand(snum, snum->top + 1) == NULL)
                goto err;
            snum->d[snum->top] = 0;
            snum->top++;
        }
    }
    div_n = sdiv->top;
    num_n = snum->top;
    if (num_n <= div_n) {
        /* caller didn't pad dividend -> no constant-time guarantee... */
        if (bn_wexpand(snum, div_n + 1) == NULL)
            goto err;
        memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG));
        snum->top = num_n = div_n + 1;
    }
    loop = num_n - div_n;
    /*
     * Lets setup a 'window' into snum This is the part that corresponds to
     * the current 'area' being divided
     */
-    wnum.neg = 0;
+    wnum = &(snum->d[loop]);
-    wnum.d = &(snum->d[loop]);
+    wnumtop = &(snum->d[num_n - 1]);
    wnum.top = div_n;
    wnum.flags = BN_FLG_STATIC_DATA;
    /*
     * only needed when BN_ucmp messes up the values between top and max
     */
    wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
    /* Get the top 2 words of sdiv */
    /* div_n=sdiv->top; */
    d0 = sdiv->d[div_n - 1];
    d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
-    /* pointer to the 'top' of snum */
+    /* Setup quotient */
-    wnump = &(snum->d[num_n - 1]);
+    if (!bn_wexpand(res, loop))
    /* Setup to 'res' */
    if (!bn_wexpand(res, (loop + 1)))
        goto err;
    res->neg = (num->neg ^ divisor->neg);
-    res->top = loop - no_branch;
+    res->top = loop;
-    resp = &(res->d[loop - 1]);
+    res->flags |= BN_FLG_FIXED_TOP;
    resp = &(res->d[loop]);
    /* space for temp */
    if (!bn_wexpand(tmp, (div_n + 1)))
        goto err;
-    if (!no_branch) {
+    for (i = 0; i < loop; i++, wnumtop--) {
        if (BN_ucmp(&wnum, sdiv) >= 0) {
            /*
             * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute)
             * the const bignum arguments => clean the values between top and
             * max again
             */
            bn_clear_top2max(&wnum);
            bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
            *resp = 1;
        } else
            res->top--;
    }
    /* Increase the resp pointer so that we never create an invalid pointer. */
    resp++;
    /*
     * if res->top == 0 then clear the neg value otherwise decrease the resp
     * pointer
     */
    if (res->top == 0)
        res->neg = 0;
    else
        resp--;
    for (i = 0; i < loop - 1; i++, wnump--) {
        BN_ULONG q, l0;
        /*
         * the first part of the loop uses the top two words of snum and sdiv
         * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
         */
-# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+# if defined(BN_DIV3W)
-        BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
+        q = bn_div_3_words(wnumtop, d1, d0);
        q = bn_div_3_words(wnump, d1, d0);
 # else
        BN_ULONG n0, n1, rem = 0;
-        n0 = wnump[0];
+        n0 = wnumtop[0];
-        n1 = wnump[-1];
+        n1 = wnumtop[-1];
        if (n0 == d0)
            q = BN_MASK2;
        else {                  /* n0 < d0 */
-
+            BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2];
 #  ifdef BN_LLONG
            BN_ULLONG t2;
@ -322,7 +371,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
            t2 = (BN_ULLONG) d1 *q;
            for (;;) {
-                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
+                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2))
                    break;
                q--;
                rem += d0;
@ -355,7 +404,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 #   endif
            for (;;) {
-                if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+                if ((t2h < rem) || ((t2h == rem) && (t2l <= n2)))
                    break;
                q--;
                rem += d0;
@ -371,43 +420,33 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
        tmp->d[div_n] = l0;
-        wnum.d--;
+        wnum--;
        /*
-         * ingore top values of the bignums just sub the two BN_ULONG arrays
+         * ignore top values of the bignums just sub the two BN_ULONG arrays
         * with bn_sub_words
         */
-        if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
+        l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1);
-            /*
+        q -= l0;
             * Note: As we have considered only the leading two BN_ULONGs in
             * the calculation of q, sdiv * q might be greater than wnum (but
             * then (q-1) * sdiv is less or equal than wnum)
             */
            q--;
            if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
                /*
                 * we can't have an overflow here (assuming that q != 0, but
                 * if q == 0 then tmp is zero anyway)
                 */
                (*wnump)++;
        }
        /* store part of the result */
        resp--;
        *resp = q;
    }
    bn_correct_top(snum);
    if (rm != NULL) {
        /*
-         * Keep a copy of the neg flag in num because if rm==num BN_rshift()
+         * Note: As we have considered only the leading two BN_ULONGs in
-         * will overwrite it.
+         * the calculation of q, sdiv * q might be greater than wnum (but
         * then (q-1) * sdiv is less or equal than wnum)
         */
-        int neg = num->neg;
+        for (l0 = 0 - l0, j = 0; j < div_n; j++)
-        BN_rshift(rm, snum, norm_shift);
+            tmp->d[j] = sdiv->d[j] & l0;
-        if (!BN_is_zero(rm))
+        l0 = bn_add_words(wnum, wnum, tmp->d, div_n);
-            rm->neg = neg;
+        (*wnumtop) += l0;
-        bn_check_top(rm);
+        assert((*wnumtop) == 0);
        /* store part of the result */
        *--resp = q;
    }
-    if (no_branch)
+    /* snum holds remainder, it's as wide as divisor */
-        bn_correct_top(res);
+    snum->neg = num->neg;
    snum->top = div_n;
    snum->flags |= BN_FLG_FIXED_TOP;
    if (rm != NULL)
        bn_rshift_fixed_top(rm, snum, norm_shift);
    BN_CTX_end(ctx);
    return 1;
 err:
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -648,34 +648,41 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
            goto err;
    }
-#ifdef RSAZ_ENABLED
+    if (a->neg || BN_ucmp(a, m) >= 0) {
-    if (!a->neg) {
+        BIGNUM *reduced = BN_CTX_get(ctx);
-        /*
+        if (reduced == NULL
-         * If the size of the operands allow it, perform the optimized
+            || !BN_nnmod(reduced, a, m, ctx)) {
         * RSAZ exponentiation. For further information see
         * crypto/bn/rsaz_exp.c and accompanying assembly modules.
         */
        if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
            && rsaz_avx2_eligible()) {
            if (NULL == bn_wexpand(rr, 16))
                goto err;
            RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
                                   mont->n0[0]);
            rr->top = 16;
            rr->neg = 0;
            bn_correct_top(rr);
            ret = 1;
            goto err;
        } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
            if (NULL == bn_wexpand(rr, 8))
                goto err;
            RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
            rr->top = 8;
            rr->neg = 0;
            bn_correct_top(rr);
            ret = 1;
            goto err;
        }
        a = reduced;
    }
 #ifdef RSAZ_ENABLED
    /*
     * If the size of the operands allow it, perform the optimized
     * RSAZ exponentiation. For further information see
     * crypto/bn/rsaz_exp.c and accompanying assembly modules.
     */
    if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
        && rsaz_avx2_eligible()) {
        if (NULL == bn_wexpand(rr, 16))
            goto err;
        RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
                               mont->n0[0]);
        rr->top = 16;
        rr->neg = 0;
        bn_correct_top(rr);
        ret = 1;
        goto err;
    } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
        if (NULL == bn_wexpand(rr, 8))
            goto err;
        RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
        rr->top = 8;
        rr->neg = 0;
        bn_correct_top(rr);
        ret = 1;
        goto err;
    }
 #endif
@ -747,12 +754,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        goto err;
    /* prepare a^1 in Montgomery domain */
-    if (a->neg || BN_ucmp(a, m) >= 0) {
+    if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
        if (!BN_nnmod(&am, a, m, ctx))
            goto err;
        if (!bn_to_mont_fixed_top(&am, &am, mont, ctx))
            goto err;
    } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
        goto err;
 #if defined(SPARC_T4_MONT)
@ -1077,7 +1079,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
             * is not only slower but also makes each bit vulnerable to
             * EM (and likely other) side-channel attacks like One&Done
             * (for details see "One&Done: A Single-Decryption EM-Based
-             *  Attack on OpenSSL’s Constant-Time Blinded RSA" by M. Alam,
+             *  Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
             *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
             *  M. Prvulovic, in USENIX Security'18)
             */
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -695,6 +695,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
    int i;
    BN_ULONG aa, bb;
    if (n == 0)
        return 0;
    aa = a[n - 1];
    bb = b[n - 1];
    if (aa != bb)
@ -737,26 +740,25 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
    return bn_cmp_words(a, b, cl);
 }
-/*
+/*-
 * Constant-time conditional swap of a and b.
- * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
+ * a and b are swapped if condition is not 0.
- * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
+ * nwords is the number of words to swap.
- * and that no more than nwords are used by either a or b.
+ * Assumes that at least nwords are allocated in both a and b.
- * a and b cannot be the same number
+ * Assumes that no more than nwords are used by either a or b.
 */
 void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
 {
    BN_ULONG t;
    int i;
    if (a == b)
        return;
    bn_wcheck_size(a, nwords);
    bn_wcheck_size(b, nwords);
-    assert(a != b);
+    condition = ((~condition & ((condition - 1))) >> (BN_BITS2 - 1)) - 1;
    assert((condition & (condition - 1)) == 0);
    assert(sizeof(BN_ULONG) >= sizeof(int));
    condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
    t = (a->top ^ b->top) & condition;
    a->top ^= t;
@ -767,65 +769,43 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
    b->neg ^= t;
    /*-
-     * Idea behind BN_FLG_STATIC_DATA is actually to
+     * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
-     * indicate that data may not be written to.
+     * is actually to treat it as it's read-only data, and some (if not most)
-     * Intention is actually to treat it as it's
+     * of it does reside in read-only segment. In other words observation of
-     * read-only data, and some (if not most) of it does
+     * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
-     * reside in read-only segment. In other words
+     * condition. It would either cause SEGV or effectively cause data
-     * observation of BN_FLG_STATIC_DATA in
+     * corruption.
-     * BN_consttime_swap should be treated as fatal
+     *
-     * condition. It would either cause SEGV or
+     * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
-     * effectively cause data corruption.
+     * preserved.
-     * BN_FLG_MALLOCED refers to BN structure itself,
+     *
-     * and hence must be preserved. Remaining flags are
+     * BN_FLG_SECURE: must be preserved, because it determines how x->d was
-     * BN_FLG_CONSTIME and BN_FLG_SECURE. Latter must be
+     * allocated and hence how to free it.
-     * preserved, because it determines how x->d was
+     *
-     * allocated and hence how to free it. This leaves
+     * BN_FLG_CONSTTIME: sufficient to mask and swap
-     * BN_FLG_CONSTTIME that one can do something about.
+     *
-     * To summarize it's sufficient to mask and swap
+     * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
-     * BN_FLG_CONSTTIME alone. BN_FLG_STATIC_DATA should
+     * the data, so the d array may be padded with additional 0 values (i.e.
-     * be treated as fatal.
+     * top could be greater than the minimal value that it could be). We should
     * be swapping it
     */
-    t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition;
+
 #define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
    t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
    a->flags ^= t;
    b->flags ^= t;
-#define BN_CONSTTIME_SWAP(ind) \
+    /* conditionally swap the data */
-        do { \
+    for (i = 0; i < nwords; i++) {
-                t = (a->d[ind] ^ b->d[ind]) & condition; \
+        t = (a->d[i] ^ b->d[i]) & condition;
-                a->d[ind] ^= t; \
+        a->d[i] ^= t;
-                b->d[ind] ^= t; \
+        b->d[i] ^= t;
        } while (0)
    switch (nwords) {
    default:
        for (i = 10; i < nwords; i++)
            BN_CONSTTIME_SWAP(i);
        /* Fallthrough */
    case 10:
        BN_CONSTTIME_SWAP(9);   /* Fallthrough */
    case 9:
        BN_CONSTTIME_SWAP(8);   /* Fallthrough */
    case 8:
        BN_CONSTTIME_SWAP(7);   /* Fallthrough */
    case 7:
        BN_CONSTTIME_SWAP(6);   /* Fallthrough */
    case 6:
        BN_CONSTTIME_SWAP(5);   /* Fallthrough */
    case 5:
        BN_CONSTTIME_SWAP(4);   /* Fallthrough */
    case 4:
        BN_CONSTTIME_SWAP(3);   /* Fallthrough */
    case 3:
        BN_CONSTTIME_SWAP(2);   /* Fallthrough */
    case 2:
        BN_CONSTTIME_SWAP(1);   /* Fallthrough */
    case 1:
        BN_CONSTTIME_SWAP(0);
    }
 #undef BN_CONSTTIME_SWAP
 }
 #undef BN_CONSTTIME_SWAP_FLAGS
 /* Bits of security, see SP800-57 */
 int BN_security_bits(int L, int N)
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/bn/bn_prime.pl
 *
- * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -7,6 +7,7 @@
 * https://www.openssl.org/source/license.html
 */
 #include <assert.h>
 #include "internal/cryptlib.h"
 #include "bn_lcl.h"
@ -82,40 +83,70 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
 int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 {
-    int i, nw, lb, rb;
+    int ret;
    BN_ULONG *t, *f;
    BN_ULONG l;
    bn_check_top(r);
    bn_check_top(a);
    if (n < 0) {
        BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
        return 0;
    }
    ret = bn_lshift_fixed_top(r, a, n);
    bn_correct_top(r);
    bn_check_top(r);
    return ret;
 }
 /*
 * In respect to shift factor the execution time is invariant of
 * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
 * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being
 * non-secret.
 */
 int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
 {
    int i, nw;
    unsigned int lb, rb;
    BN_ULONG *t, *f;
    BN_ULONG l, m, rmask = 0;
    assert(n >= 0);
    bn_check_top(r);
    bn_check_top(a);
    nw = n / BN_BITS2;
    if (bn_wexpand(r, a->top + nw + 1) == NULL)
        return 0;
-    r->neg = a->neg;
+
-    lb = n % BN_BITS2;
+    if (a->top != 0) {
-    rb = BN_BITS2 - lb;
+        lb = (unsigned int)n % BN_BITS2;
-    f = a->d;
+        rb = BN_BITS2 - lb;
-    t = r->d;
+        rb %= BN_BITS2;            /* say no to undefined behaviour */
-    t[a->top + nw] = 0;
+        rmask = (BN_ULONG)0 - rb;  /* rmask = 0 - (rb != 0) */
-    if (lb == 0)
+        rmask |= rmask >> 8;
-        for (i = a->top - 1; i >= 0; i--)
+        f = &(a->d[0]);
-            t[nw + i] = f[i];
+        t = &(r->d[nw]);
-    else
+        l = f[a->top - 1];
-        for (i = a->top - 1; i >= 0; i--) {
+        t[a->top] = (l >> rb) & rmask;
-            l = f[i];
+        for (i = a->top - 1; i > 0; i--) {
-            t[nw + i + 1] |= (l >> rb) & BN_MASK2;
+            m = l << lb;
-            t[nw + i] = (l << lb) & BN_MASK2;
+            l = f[i - 1];
            t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2;
        }
-    memset(t, 0, sizeof(*t) * nw);
+        t[0] = (l << lb) & BN_MASK2;
    } else {
        /* shouldn't happen, but formally required */
        r->d[nw] = 0;
    }
    if (nw != 0)
        memset(r->d, 0, sizeof(*t) * nw);
    r->neg = a->neg;
    r->top = a->top + nw + 1;
-    bn_correct_top(r);
+    r->flags |= BN_FLG_FIXED_TOP;
-    bn_check_top(r);
+
    return 1;
 }
@ -173,3 +204,54 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
    bn_check_top(r);
    return 1;
 }
 /*
 * In respect to shift factor the execution time is invariant of
 * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
 * for constant-time-ness for sufficiently[!] zero-padded inputs is
 * |n < BN_BITS2| or |n / BN_BITS2| being non-secret.
 */
 int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
 {
    int i, top, nw;
    unsigned int lb, rb;
    BN_ULONG *t, *f;
    BN_ULONG l, m, mask;
    bn_check_top(r);
    bn_check_top(a);
    assert(n >= 0);
    nw = n / BN_BITS2;
    if (nw >= a->top) {
        /* shouldn't happen, but formally required */
        BN_zero(r);
        return 1;
    }
    rb = (unsigned int)n % BN_BITS2;
    lb = BN_BITS2 - rb;
    lb %= BN_BITS2;            /* say no to undefined behaviour */
    mask = (BN_ULONG)0 - lb;   /* mask = 0 - (lb != 0) */
    mask |= mask >> 8;
    top = a->top - nw;
    if (r != a && bn_wexpand(r, top) == NULL)
        return 0;
    t = &(r->d[0]);
    f = &(a->d[nw]);
    l = f[0];
    for (i = 0; i < top - 1; i++) {
        m = f[i + 1];
        t[i] = (l >> rb) | ((m << lb) & mask);
        l = m;
    }
    t[i] = l >> rb;
    r->neg = a->neg;
    r->top = top;
    r->flags |= BN_FLG_FIXED_TOP;
    return 1;
 }
--- a/crypto/build.info
+++ b/crypto/build.info
@ -2,7 +2,7 @@ LIBS=../libcrypto
 SOURCE[../libcrypto]=\
        cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
        ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
-        threads_pthread.c threads_win.c threads_none.c \
+        threads_pthread.c threads_win.c threads_none.c getenv.c \
        o_init.c o_fips.c mem_sec.c init.c {- $target{cpuid_asm_src} -} \
        {- $target{uplink_aux_src} -}
 EXTRA=  ../ms/uplink-x86.pl ../ms/uplink.c ../ms/applink.c \
--- a/crypto/chacha/asm/chacha-armv8.pl
+++ b/crypto/chacha/asm/chacha-armv8.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -157,6 +157,7 @@ ChaCha20_ctr32:
 	b.ne	ChaCha20_neon
 .Lshort:
 	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
@ -276,6 +277,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
 	.inst	0xd50323bf			// autiasp
 .Labort:
 	ret
@ -332,6 +334,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
 	.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_ctr32,.-ChaCha20_ctr32
 ___
@ -377,6 +380,7 @@ $code.=<<___;
 .type	ChaCha20_neon,%function
 .align	5
 ChaCha20_neon:
 	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
@ -575,6 +579,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
 	.inst	0xd50323bf			// autiasp
 	ret
 .Ltail_neon:
@ -684,6 +689,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
 	.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_neon,.-ChaCha20_neon
 ___
@ -696,6 +702,7 @@ $code.=<<___;
 .type	ChaCha20_512_neon,%function
 .align	5
 ChaCha20_512_neon:
 	.inst	0xd503233f			// paciasp
 	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
@ -1114,6 +1121,7 @@ $code.=<<___;
 	ldp	x25,x26,[x29,#64]
 	ldp	x27,x28,[x29,#80]
 	ldp	x29,x30,[sp],#96
 	.inst	0xd50323bf			// autiasp
 	ret
 .size	ChaCha20_512_neon,.-ChaCha20_512_neon
 ___
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -282,7 +282,7 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
    return rv;
 }
-/* Initialise a ktri based on passed certificate and key */
+/* Initialise a kari based on passed certificate and key */
 int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
                                EVP_PKEY *pk, unsigned int flags)
@ -299,6 +299,9 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
    kari->version = 3;
    rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);
    if (rek == NULL)
        return 0;
    if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
        M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);
        return 0;
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@ -373,6 +373,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
            goto err;
        }
        OPENSSL_clear_free(ec->key, ec->keylen);
        ec->key = key;
        ec->keylen = keylen;
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@ -10,6 +10,7 @@
 /* Part of the code in here was originally in conf.c, which is now removed */
 #include "e_os.h"
 #include "internal/cryptlib.h"
 #include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
@ -82,7 +83,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
            if (v != NULL)
                return v->value;
            if (strcmp(section, "ENV") == 0) {
-                p = getenv(name);
+                p = ossl_safe_getenv(name);
                if (p != NULL)
                    return p;
            }
@ -95,7 +96,7 @@ char *_CONF_get_string(const CONF *conf, const char *section,
        else
            return NULL;
    } else
-        return getenv(name);
+        return ossl_safe_getenv(name);
 }
 static unsigned long conf_value_hash(const CONF_VALUE *v)
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -348,10 +348,15 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                psection = section;
            }
            p = eat_ws(conf, end);
-            if (strncmp(pname, ".include", 8) == 0 && p != pname + 8) {
+            if (strncmp(pname, ".include", 8) == 0
                && (p != pname + 8 || *p == '=')) {
                char *include = NULL;
                BIO *next;
                if (*p == '=') {
                    p++;
                    p = eat_ws(conf, p);
                }
                trim_ws(conf, p);
                if (!str_copy(conf, psection, &include, p))
                    goto err;
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/conf/keysets.pl
 *
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -358,11 +358,36 @@ OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
    if (ret != NULL)
        memset(ret, 0, sizeof(*ret));
    ret->flags = DEFAULT_CONF_MFLAGS;
    return ret;
 }
 #ifndef OPENSSL_NO_STDIO
 int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
                                     const char *filename)
 {
    char *newfilename = NULL;
    if (filename != NULL) {
        newfilename = strdup(filename);
        if (newfilename == NULL)
            return 0;
    }
    free(settings->filename);
    settings->filename = newfilename;
    return 1;
 }
 void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
                                        unsigned long flags)
 {
    settings->flags = flags;
 }
 int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
                                    const char *appname)
 {
@ -383,6 +408,7 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
 {
    free(settings->filename);
    free(settings->appname);
    free(settings);
 }
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -142,6 +142,9 @@ int CONF_modules_load_file(const char *filename, const char *appname,
        OPENSSL_free(file);
    NCONF_free(conf);
    if (flags & CONF_MFLAGS_IGNORE_RETURN_CODES)
        return 1;
    return ret;
 }
@ -480,11 +483,8 @@ char *CONF_get1_default_config_file(void)
    char *file, *sep = "";
    int len;
-    if (!OPENSSL_issetugid()) {
+    if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
-        file = getenv("OPENSSL_CONF");
+        return OPENSSL_strdup(file);
        if (file)
            return OPENSSL_strdup(file);
    }
    len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -39,10 +39,24 @@ void OPENSSL_config(const char *appname)
 }
 #endif
-void openssl_config_int(const char *appname)
+int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
 {
    int ret;
    const char *filename;
    const char *appname;
    unsigned long flags;
    if (openssl_configured)
-        return;
+        return 1;
    filename = settings ? settings->filename : NULL;
    appname = settings ? settings->appname : NULL;
    flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS;
 #ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: openssl_config_int(%s, %s, %lu)\n",
            filename, appname, flags);
 #endif
    OPENSSL_load_builtin_modules();
 #ifndef OPENSSL_NO_ENGINE
@ -51,11 +65,10 @@ void openssl_config_int(const char *appname)
 #endif
    ERR_clear_error();
 #ifndef OPENSSL_SYS_UEFI
-    CONF_modules_load_file(NULL, appname,
+    ret = CONF_modules_load_file(filename, appname, flags);
                               CONF_MFLAGS_DEFAULT_SECTION |
                               CONF_MFLAGS_IGNORE_MISSING_FILE);
 #endif
    openssl_configured = 1;
    return ret;
 }
 void openssl_no_config_int(void)
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -78,6 +78,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
    cnt = sk_CONF_VALUE_num(cmd_lists);
    ssl_module_free(md);
    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
    if (ssl_names == NULL)
        goto err;
    ssl_names_count = cnt;
    for (i = 0; i < ssl_names_count; i++) {
        struct ssl_conf_name_st *ssl_name = ssl_names + i;
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
@ -204,7 +204,7 @@ int OPENSSL_isservice(void)
    if (_OPENSSL_isservice.p == NULL) {
        HANDLE mod = GetModuleHandle(NULL);
-        FARPROC f;
+        FARPROC f = NULL;
        if (mod != NULL)
            f = GetProcAddress(mod, "_OPENSSL_isservice");
@ -352,9 +352,9 @@ void OPENSSL_showfatal(const char *fmta, ...)
    /*
    * TODO: (For non GUI and no std error cases)
-    * Add event logging feature here. 
+    * Add event logging feature here.
    */
-    
+
 #   if !defined(NDEBUG)
        /*
        * We are in a situation where we tried to report a critical
@ -393,7 +393,7 @@ void OPENSSL_showfatal(const char *fmta, ...)
 #  endif
 # else
    MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
-# endif     
+# endif
 }
 #else
 void OPENSSL_showfatal(const char *fmta, ...)
@ -460,4 +460,14 @@ uint32_t OPENSSL_rdtsc(void)
 {
    return 0;
 }
 size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
 {
    return 0;
 }
 size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
 {
    return 0;
 }
 #endif
--- a/crypto/ct/ct_log.c
+++ b/crypto/ct/ct_log.c
@ -137,7 +137,7 @@ static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *sec
 int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
 {
-    const char *fpath = getenv(CTLOG_FILE_EVP);
+    const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
    if (fpath == NULL)
      fpath = CTLOG_FILE;
--- a/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
@ -1,4 +1,4 @@
-! Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+! Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 !
 ! Licensed under the OpenSSL license (the "License").  You may not use
 ! this file except in compliance with the License.  You can obtain a copy
@ -313,7 +313,7 @@ $4:
 	sll	out1, 28, out1            ! rotate
 	xor	$1, local1, $1            ! 1 finished, local1 now sbox 7
-	ld	[global2+local2], local2  ! 2 
+	ld	[global2+local2], local2  ! 2
 	srl	out0, 24, local1          ! 7
 	or	out1, local0, out1        ! rotate
@ -1392,7 +1392,7 @@ DES_ncbc_encrypt:
 	add	%o7,global1,global1
 	sub	global1,.PIC.DES_SPtrans-.des_and,out2
-	cmp	in5, 0                    ! enc   
+	cmp	in5, 0                    ! enc
 	be	.ncbc.dec
 	STPTR	in4, IVEC
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@ -327,6 +327,12 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
    if (mctx == NULL)
        goto err;
    /* make sure L > N, otherwise we'll get trapped in an infinite loop */
    if (L <= N) {
        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
        goto err;
    }
    if (evpmd == NULL) {
        if (N == 160)
            evpmd = EVP_sha1();
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@ -9,6 +9,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include "internal/bn_int.h"
 #include <openssl/bn.h>
 #include <openssl/sha.h>
 #include "dsa_locl.h"
@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
                         DSA_SIG *sig, DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
 static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
                                      BN_CTX *ctx);
 static DSA_METHOD openssl_dsa_meth = {
    "OpenSSL DSA method",
@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
 {
    BN_CTX *ctx = NULL;
    BIGNUM *k, *kinv = NULL, *r = *rp;
-    BIGNUM *l, *m;
+    BIGNUM *l;
    int ret = 0;
-    int q_bits;
+    int q_bits, q_words;
    if (!dsa->p || !dsa->q || !dsa->g) {
        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
    k = BN_new();
    l = BN_new();
-    m = BN_new();
+    if (k == NULL || l == NULL)
    if (k == NULL || l == NULL || m == NULL)
        goto err;
    if (ctx_in == NULL) {
@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
    /* Preallocate space */
    q_bits = BN_num_bits(dsa->q);
-    if (!BN_set_bit(k, q_bits)
+    q_words = bn_get_top(dsa->q);
-        || !BN_set_bit(l, q_bits)
+    if (!bn_wexpand(k, q_words + 2)
-        || !BN_set_bit(m, q_bits))
+        || !bn_wexpand(l, q_words + 2))
        goto err;
    /* Get random k */
@ -221,6 +223,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
    } while (BN_is_zero(k));
    BN_set_flags(k, BN_FLG_CONSTTIME);
    BN_set_flags(l, BN_FLG_CONSTTIME);
    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
@ -238,14 +241,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     * small timing information leakage.  We then choose the sum that is
     * one bit longer than the modulus.
     *
-     * TODO: revisit the BN_copy aiming for a memory access agnostic
+     * There are some concerns about the efficacy of doing this.  More
-     * conditional copy.
+     * specificly refer to the discussion starting with:
     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
     * The fix is to rework BN so these gymnastics aren't required.
     */
    if (!BN_add(l, k, dsa->q)
-        || !BN_add(m, l, dsa->q)
+        || !BN_add(k, l, dsa->q))
        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
        goto err;
    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
    if ((dsa)->meth->bn_mod_exp != NULL) {
            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
                                       dsa->method_mont_p))
@ -258,8 +264,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
    if (!BN_mod(r, r, dsa->q, ctx))
        goto err;
-    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+    /* Compute part of 's = inv(k) (m + xr) mod q' */
-    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
+    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
        goto err;
    BN_clear_free(*kinvp);
@ -273,7 +279,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
        BN_CTX_free(ctx);
    BN_clear_free(k);
    BN_clear_free(l);
    BN_clear_free(m);
    return ret;
 }
@ -393,3 +398,31 @@ static int dsa_finish(DSA *dsa)
    BN_MONT_CTX_free(dsa->method_mont_p);
    return 1;
 }
 /*
 * Compute the inverse of k modulo q.
 * Since q is prime, Fermat's Little Theorem applies, which reduces this to
 * mod-exp operation.  Both the exponent and modulus are public information
 * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
 * BIGNUM is returned which the caller must free.
 */
 static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
                                      BN_CTX *ctx)
 {
    BIGNUM *res = NULL;
    BIGNUM *r, *e;
    if ((r = BN_new()) == NULL)
        return NULL;
    BN_CTX_start(ctx);
    if ((e = BN_CTX_get(ctx)) != NULL
            && BN_set_word(r, 2)
            && BN_sub(e, q, r)
            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
        res = r;
    else
        BN_free(r);
    BN_CTX_end(ctx);
    return res;
 }
--- a/Show More
+++ b/Show More