From 60adbfdea1ee754341d64454274e7aa83bae8971 Mon Sep 17 00:00:00 2001
From: marha <marha@users.sourceforge.net>
Date: Fri, 30 Sep 2011 08:40:25 +0200
Subject: Upgraded to openssl-1.0.0e

---
 openssl/CHANGES                       |  43 +++-
 openssl/FAQ                           |   2 +-
 openssl/INSTALL.VMS                   |  52 ++---
 openssl/Makefile                      |   2 +-
 openssl/NEWS                          |   8 +
 openssl/README                        |   2 +-
 openssl/VMS/install-vms.com           |  67 ++++++
 openssl/VMS/install.com               |  79 -------
 openssl/VMS/mkshared.com              | 244 ++++++++++++--------
 openssl/VMS/openssl_startup.com       | 108 +++++++++
 openssl/VMS/openssl_undo.com          |  20 ++
 openssl/apps/CA.com                   |  98 +++++----
 openssl/apps/apps.c                   |   6 +
 openssl/apps/asn1pars.c               |   1 +
 openssl/apps/enc.c                    |   4 +
 openssl/apps/install-apps.com         | 107 +++++++++
 openssl/apps/install.com              |  65 ------
 openssl/apps/makeapps.com             | 321 ++++++++++++++++++---------
 openssl/apps/md4.c                    |   1 +
 openssl/apps/openssl.c                |  64 +++++-
 openssl/apps/pkcs12.c                 |   2 +-
 openssl/apps/speed.c                  |   2 +
 openssl/apps/vms_decc_init.c          | 188 ++++++++++++++++
 openssl/config                        |   4 +
 openssl/crypto/LPdir_vms.c            |  49 +++--
 openssl/crypto/alphacpuid.pl          |   8 +-
 openssl/crypto/asn1/a_object.c        |   4 +-
 openssl/crypto/asn1/bio_ndef.c        |   3 -
 openssl/crypto/asn1/x_name.c          |   7 +-
 openssl/crypto/bio/b_sock.c           |  29 ++-
 openssl/crypto/bio/bss_dgram.c        |  18 +-
 openssl/crypto/bio/bss_log.c          |  32 ++-
 openssl/crypto/bn/asm/alpha-mont.pl   |   2 +-
 openssl/crypto/bn/asm/s390x-mont.pl   |   4 +-
 openssl/crypto/bn/bn.h                |  18 ++
 openssl/crypto/bn/bn_gf2m.c           |   1 +
 openssl/crypto/bn/bn_mont.c           |   2 +-
 openssl/crypto/bn/bn_nist.c           |  64 +++---
 openssl/crypto/conf/conf_api.c        |   1 +
 openssl/crypto/cryptlib.c             |   1 -
 openssl/crypto/crypto-lib.com         | 350 +++++++++++++++++++----------
 openssl/crypto/dsa/dsa_pmeth.c        |   1 +
 openssl/crypto/dso/dso_dlfcn.c        |   1 +
 openssl/crypto/dso/dso_vms.c          | 179 ++++++++-------
 openssl/crypto/ecdsa/ecdsatest.c      |   5 +-
 openssl/crypto/ecdsa/ecs_ossl.c       |   8 +
 openssl/crypto/evp/evp_test.c         |   1 +
 openssl/crypto/hmac/hm_pmeth.c        |   2 +
 openssl/crypto/install-crypto.com     | 196 +++++++++++++++++
 openssl/crypto/install.com            | 150 -------------
 openssl/crypto/o_time.c               |  22 +-
 openssl/crypto/ocsp/ocsp_lib.c        |   8 +-
 openssl/crypto/opensslv.h             |   6 +-
 openssl/crypto/perlasm/cbc.pl         |   2 -
 openssl/crypto/rand/rand_vms.c        |  16 +-
 openssl/crypto/rand/randfile.c        |   2 +
 openssl/crypto/rsa/rsa_oaep.c         |  20 +-
 openssl/crypto/stack/safestack.h      |  50 ++---
 openssl/crypto/vms_rms.h              |  51 +++++
 openssl/crypto/x509/x509_vfy.c        |   4 +
 openssl/doc/ssl/ssl.pod               |   2 +-
 openssl/engines/ccgost/gost_crypt.c   |   3 +-
 openssl/engines/e_capi_err.h          |   4 +
 openssl/engines/makeengines.com       | 312 +++++++++++++++++---------
 openssl/include/openssl/aes.h         |   1 +
 openssl/include/openssl/asn1.h        |   1 +
 openssl/include/openssl/asn1_mac.h    |   1 +
 openssl/include/openssl/asn1t.h       |   1 +
 openssl/include/openssl/bio.h         |   1 +
 openssl/include/openssl/blowfish.h    |   1 +
 openssl/include/openssl/bn.h          |   1 +
 openssl/include/openssl/buffer.h      |   1 +
 openssl/include/openssl/camellia.h    |   1 +
 openssl/include/openssl/cast.h        |   1 +
 openssl/include/openssl/cms.h         |   1 +
 openssl/include/openssl/comp.h        |   1 +
 openssl/include/openssl/conf.h        |   1 +
 openssl/include/openssl/conf_api.h    |   1 +
 openssl/include/openssl/crypto.h      |   1 +
 openssl/include/openssl/des.h         |   1 +
 openssl/include/openssl/des_old.h     |   1 +
 openssl/include/openssl/dh.h          |   1 +
 openssl/include/openssl/dsa.h         |   1 +
 openssl/include/openssl/dso.h         |   1 +
 openssl/include/openssl/dtls1.h       |   1 +
 openssl/include/openssl/e_os2.h       |   1 +
 openssl/include/openssl/ebcdic.h      |   1 +
 openssl/include/openssl/ec.h          |   1 +
 openssl/include/openssl/ecdh.h        |   1 +
 openssl/include/openssl/ecdsa.h       |   1 +
 openssl/include/openssl/engine.h      |   1 +
 openssl/include/openssl/err.h         |   1 +
 openssl/include/openssl/evp.h         |   1 +
 openssl/include/openssl/hmac.h        |   1 +
 openssl/include/openssl/idea.h        |   1 +
 openssl/include/openssl/krb5_asn.h    |   1 +
 openssl/include/openssl/kssl.h        |   1 +
 openssl/include/openssl/lhash.h       |   1 +
 openssl/include/openssl/md4.h         |   1 +
 openssl/include/openssl/md5.h         |   1 +
 openssl/include/openssl/mdc2.h        |   1 +
 openssl/include/openssl/modes.h       |   1 +
 openssl/include/openssl/obj_mac.h     |   1 +
 openssl/include/openssl/objects.h     |   1 +
 openssl/include/openssl/ocsp.h        |   1 +
 openssl/include/openssl/opensslconf.h |   1 +
 openssl/include/openssl/opensslv.h    |   1 +
 openssl/include/openssl/ossl_typ.h    |   1 +
 openssl/include/openssl/pem.h         |   1 +
 openssl/include/openssl/pem2.h        |   1 +
 openssl/include/openssl/pkcs12.h      |   1 +
 openssl/include/openssl/pkcs7.h       |   1 +
 openssl/include/openssl/pqueue.h      |   1 +
 openssl/include/openssl/rand.h        |   1 +
 openssl/include/openssl/rc2.h         |   1 +
 openssl/include/openssl/rc4.h         |   1 +
 openssl/include/openssl/ripemd.h      |   1 +
 openssl/include/openssl/rsa.h         |   1 +
 openssl/include/openssl/safestack.h   |   1 +
 openssl/include/openssl/seed.h        |   1 +
 openssl/include/openssl/sha.h         |   1 +
 openssl/include/openssl/ssl.h         |   1 +
 openssl/include/openssl/ssl2.h        |   1 +
 openssl/include/openssl/ssl23.h       |   1 +
 openssl/include/openssl/ssl3.h        |   1 +
 openssl/include/openssl/stack.h       |   1 +
 openssl/include/openssl/symhacks.h    |   1 +
 openssl/include/openssl/tls1.h        |   1 +
 openssl/include/openssl/ts.h          |   1 +
 openssl/include/openssl/txt_db.h      |   1 +
 openssl/include/openssl/ui.h          |   1 +
 openssl/include/openssl/ui_compat.h   |   1 +
 openssl/include/openssl/whrlpool.h    |   1 +
 openssl/include/openssl/x509.h        |   1 +
 openssl/include/openssl/x509_vfy.h    |   1 +
 openssl/include/openssl/x509v3.h      |   1 +
 openssl/install.com                   | 219 ++++++++++--------
 openssl/makevms.com                   | 404 ++++++++++++++++++++++------------
 openssl/ms/uplink.c                   |   3 +-
 openssl/openssl.spec                  |   2 +-
 openssl/ssl/bio_ssl.c                 |   4 +
 openssl/ssl/d1_both.c                 |  28 +--
 openssl/ssl/d1_clnt.c                 |   6 +-
 openssl/ssl/d1_lib.c                  |  65 +++++-
 openssl/ssl/d1_pkt.c                  |  20 +-
 openssl/ssl/d1_srvr.c                 |  26 ++-
 openssl/ssl/install-ssl.com           | 136 ++++++++++++
 openssl/ssl/install.com               |  90 --------
 openssl/ssl/s3_clnt.c                 |   2 +
 openssl/ssl/s3_lib.c                  |   6 +
 openssl/ssl/s3_pkt.c                  |   6 +-
 openssl/ssl/s3_srvr.c                 |  23 +-
 openssl/ssl/ssl-lib.com               | 306 ++++++++++++++++---------
 openssl/ssl/ssl_lib.c                 |  32 ++-
 openssl/test/bftest.c                 |   1 +
 openssl/test/bntest.c                 |   1 +
 openssl/test/bntest.com               |   7 +
 openssl/test/casttest.c               |   1 +
 openssl/test/clean_test.com           |  35 +++
 openssl/test/cms-test.pl              |   4 +-
 openssl/test/destest.c                |   1 +
 openssl/test/dhtest.c                 |   1 +
 openssl/test/dsatest.c                |   1 +
 openssl/test/ecdhtest.c               |   1 +
 openssl/test/ecdsatest.c              |   1 +
 openssl/test/ectest.c                 |   1 +
 openssl/test/enginetest.c             |   1 +
 openssl/test/evp_test.c               |   1 +
 openssl/test/exptest.c                |   1 +
 openssl/test/hmactest.c               |   1 +
 openssl/test/ideatest.c               |   1 +
 openssl/test/jpaketest.c              |   1 +
 openssl/test/maketests.com            | 307 +++++++++++++++++---------
 openssl/test/md2test.c                |   1 +
 openssl/test/md4test.c                |   1 +
 openssl/test/md5test.c                |   1 +
 openssl/test/mdc2test.c               |   1 +
 openssl/test/randtest.c               |   1 +
 openssl/test/rc2test.c                |   1 +
 openssl/test/rc4test.c                |   1 +
 openssl/test/rc5test.c                |   1 +
 openssl/test/rmdtest.c                |   1 +
 openssl/test/rsa_test.c               |   1 +
 openssl/test/sha1test.c               |   1 +
 openssl/test/sha256t.c                |   1 +
 openssl/test/sha512t.c                |   1 +
 openssl/test/shatest.c                |   1 +
 openssl/test/ssltest.c                |   1 +
 openssl/test/tcrl.com                 |  13 +-
 openssl/test/testca.com               |   8 +-
 openssl/test/testenc.com              |  13 +-
 openssl/test/testgen.com              |  22 +-
 openssl/test/tests.com                | 103 +++++----
 openssl/test/testss.com               |  17 +-
 openssl/test/testssl.com              |  20 +-
 openssl/test/testtsa.com              |  61 ++---
 openssl/test/tpkcs7.com               |  13 +-
 openssl/test/tpkcs7d.com              |  13 +-
 openssl/test/treq.com                 |  13 +-
 openssl/test/trsa.com                 |  13 +-
 openssl/test/tsid.com                 |  13 +-
 openssl/test/tverify.com              |  10 +-
 openssl/test/tx509.com                |  13 +-
 openssl/test/wp_test.c                |   1 +
 openssl/util/libeay.num               |   5 +
 openssl/util/mkdef.pl                 |   2 +
 openssl/util/mkerr.pl                 |   2 +-
 207 files changed, 3571 insertions(+), 1745 deletions(-)
 create mode 100644 openssl/VMS/install-vms.com
 delete mode 100644 openssl/VMS/install.com
 create mode 100644 openssl/VMS/openssl_startup.com
 create mode 100644 openssl/VMS/openssl_undo.com
 create mode 100644 openssl/apps/install-apps.com
 delete mode 100644 openssl/apps/install.com
 create mode 100644 openssl/apps/vms_decc_init.c
 create mode 100644 openssl/crypto/install-crypto.com
 delete mode 100644 openssl/crypto/install.com
 create mode 100644 openssl/crypto/vms_rms.h
 create mode 100644 openssl/ssl/install-ssl.com
 delete mode 100644 openssl/ssl/install.com
 create mode 100644 openssl/test/clean_test.com

(limited to 'openssl')

diff --git a/openssl/CHANGES b/openssl/CHANGES
index 5cae85c9c..a0de5abb6 100644
--- a/openssl/CHANGES
+++ b/openssl/CHANGES
@@ -2,6 +2,31 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl@velox.ch>]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH. (CVE-2011-3210)
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
  Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
 
   *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
@@ -882,9 +907,25 @@
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
   
+ Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH.
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+	http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
  Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
 
-  *) Fix parsing of OCSP stapling ClientHello extension.  CVE-2011-0014
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
      [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
 
   *) Fix bug in string printing code: if *any* escaping is enabled we must
diff --git a/openssl/FAQ b/openssl/FAQ
index 0e008cbdd..fe54856a6 100644
--- a/openssl/FAQ
+++ b/openssl/FAQ
@@ -82,7 +82,7 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0d was released on Feb 8th, 2011.
+OpenSSL 1.0.0e was released on Sep 6th, 2011.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
diff --git a/openssl/INSTALL.VMS b/openssl/INSTALL.VMS
index 7658f64e1..e5d43a57a 100644
--- a/openssl/INSTALL.VMS
+++ b/openssl/INSTALL.VMS
@@ -71,7 +71,7 @@ the top to understand how to use them.  However, if you want to
 compile all you can get, the simplest is to use MAKEVMS.COM in the top
 directory.  The syntax is the following:
 
-  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+  @MAKEVMS <option> <bits> <debug-p> [<compiler>]
 
 <option> must be one of the following:
 
@@ -87,24 +87,11 @@ directory.  The syntax is the following:
       TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
       APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
 
-<rsaref-p> must be one of the following:
+<bits> must be one of the following:
 
-      RSAREF    compile using the RSAREF Library
-      NORSAREF  compile without using RSAREF
-
-Note 0: The RSAREF library IS NO LONGER NEEDED.  The RSA patent
-        expires September 20, 2000, and RSA Security chose to make
-        the algorithm public domain two weeks before that.
-
-Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
-        and you have to download it.  RSA Security doesn't carry it
-        any more, but there are a number of places where you can find
-        it.  You have to get the ".tar-Z" file as the ".zip" file
-        doesn't have the directory structure stored.  You have to
-        extract the file into the [.RSAREF] directory as that is where
-        the scripts will look for the files.
-
-Note 2: I have never done this, so I've no idea if it works or not.
+      ""        compile using default pointer size
+      32        compile using 32 bit pointer size
+      64        compile using 64 bit pointer size
 
 <debug-p> must be one of the following:
 
@@ -117,12 +104,13 @@ Note 2: I have never done this, so I've no idea if it works or not.
       GNUC      For GNU C.
 
 
-You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
-where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
-named LIBSSL.OLB, and you will find a bunch of useful programs in
-[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
-just to test them.  For production use, make sure you install first, see
-Installation below.
+You will find the crypto library in [.xxx.EXE.CRYPTO] (where xxx is VAX,
+ALPHA or IA64), called SSL_LIBCRYPTO32.OLB or SSL_LIBCRYPTO.OLB depending
+on how it was built.  You will find the SSL library in [.xxx.EXE.SSL],
+named SSL_LIBSSL32.OLB or SSL_LIBSSL.OLB, and you will find a bunch of
+useful programs in [.xxx.EXE.APPS].  However, these shouldn't be used
+right off unless it's just to test them.  For production use, make sure
+you install first, see Installation below.
 
 Note 1: Some programs in this package require a TCP/IP library.
 
@@ -170,12 +158,14 @@ Installation:
 
 Installation is easy, just do the following:
 
-  @INSTALL <root>
+  @INSTALL <root> <bits>
 
 <root> is the directory in which everything will be installed,
 subdirectories, libraries, header files, programs and startup command
 procedures.
 
+<bits> works the same way as for MAKEVMS.COM
+
 N.B.: INSTALL.COM builds a new directory structure, different from
 the directory tree where you have now build OpenSSL.
 
@@ -196,6 +186,10 @@ following command procedures:
         sets up the symbols to the applications.  Should be called
         from for example SYS$MANAGER:SYLOGIN.COM 
 
+  OPENSSL_UNDO.COM
+
+	deassigns the logical names created with OPENSSL_STARTUP.COM.
+
 The logical names that are set up are the following:
 
   SSLROOT       a dotted concealed logical name pointing at the
@@ -203,7 +197,6 @@ The logical names that are set up are the following:
 
   SSLCERTS      Initially an empty directory, this is the default
 		location for certificate files.
-  SSLMISC	Various scripts.
   SSLPRIVATE	Initially an empty directory, this is the default
 		location for private key files.
 
@@ -211,8 +204,9 @@ The logical names that are set up are the following:
 		programs.
   SSLINCLUDE    Contains the header files needed if you want to
 		compile programs with libcrypto or libssl.
-  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
-		and LIBSSL.OLB) themselves.
+  SSLLIB        Contains the OpenSSL library files themselves:
+  		- SSL_LIBCRYPTO32.OLB and SSL_LIBSSL32.OLB or
+		- SSL_LIBCRYPTO.OLB and SSL_LIBSSL.OLB
 
   OPENSSL	Same as SSLINCLUDE.  This is because the standard
 		way to include OpenSSL header files from version
@@ -296,4 +290,4 @@ have any ideas.
 
 --
 Richard Levitte <richard@levitte.org>
-2000-02-27
+2000-02-27, 2011-03-18
diff --git a/openssl/Makefile b/openssl/Makefile
index 5b918c486..445e15d67 100644
--- a/openssl/Makefile
+++ b/openssl/Makefile
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.0d
+VERSION=1.0.0e
 MAJOR=1
 MINOR=0.0
 SHLIB_VERSION_NUMBER=1.0.0
diff --git a/openssl/NEWS b/openssl/NEWS
index a9c9b7803..672810dcc 100644
--- a/openssl/NEWS
+++ b/openssl/NEWS
@@ -5,6 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
+
+      o Fix for CRL vulnerability issue CVE-2011-3207
+      o Fix for ECDH crashes CVE-2011-3210
+      o Protection against EC timing attacks.
+      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+      o Various DTLS fixes.
+
   Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
 
       o Fix for security issue CVE-2011-0014
diff --git a/openssl/README b/openssl/README
index e3858eab8..898437989 100644
--- a/openssl/README
+++ b/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.0d
+ OpenSSL 1.0.0e 6 Sep 2011
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/openssl/VMS/install-vms.com b/openssl/VMS/install-vms.com
new file mode 100644
index 000000000..7da8b2153
--- /dev/null
+++ b/openssl/VMS/install-vms.com
@@ -0,0 +1,67 @@
+$! install-vms.com -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 23-MAY-1998 19:22
+$!
+$! P1	root of the directory tree
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if p1 .eqs. ""
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "Should be the directory where you want things installed."
+$   exit
+$ endif
+$
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$
+$ root = f$parse( P1, "[]A.;0", , , "SYNTAX_ONLY, NO_CONCEAL")- "A.;0"
+$ root_dev = f$parse( root, , , "device", "syntax_only")
+$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$
+$ define /nolog wrk_sslroot 'root'.] /translation_attributes = concealed
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$
+$ if f$parse( "wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse( "wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse( "wrk_sslroot:[vms]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[vms]
+$!
+$ copy /log /protection = world:re openssl_startup.com wrk_sslroot:[vms]
+$ copy /log /protection = world:re openssl_undo.com wrk_sslroot:[vms]
+$ copy /log /protection = world:re openssl_utils.com wrk_sslroot:[vms]
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslinclude
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!
diff --git a/openssl/VMS/install.com b/openssl/VMS/install.com
deleted file mode 100644
index 9c9c0e1e2..000000000
--- a/openssl/VMS/install.com
+++ /dev/null
@@ -1,79 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 23-MAY-1998 19:22
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$
-$	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
-	   DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
-$
-$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
-$	WRITE SF "$! Startup file for Openssl"
-$	WRITE SF "$!"
-$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
-$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$!"
-$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
-$	WRITE SF "$!	defined in the system logical name table."
-$	WRITE SF "$!"
-$	WRITE SF "$	IF (F$GETSYI(""CPU"").LT.128)"
-$	WRITE SF "$	THEN"
-$	WRITE SF "$	    ARCH := VAX"
-$	WRITE SF "$	ELSE"
-$	WRITE SF "$	    ARCH = F$EDIT( F$GETSYI( ""ARCH_NAME""), ""UPCASE"")"
-$	WRITE SF "$	    IF (ARCH .EQS. """") THEN ARCH = ""UNK"""
-$	WRITE SF "$	ENDIF"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
-$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
-$	WRITE SF "$"
-$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
-$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
-$	WRITE SF "$"
-$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
-$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
-$	WRITE SF "$"
-$	WRITE SF "$	EXIT"
-$	CLOSE SF
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
-$
-$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM
-$
-$	EXIT
diff --git a/openssl/VMS/mkshared.com b/openssl/VMS/mkshared.com
index 2f9167eea..794e1de62 100644
--- a/openssl/VMS/mkshared.com
+++ b/openssl/VMS/mkshared.com
@@ -1,101 +1,159 @@
-$! MKSHARED.COM -- script to created shareable images on VMS
+$! MKSHARED.COM -- Create shareable images.
 $!
-$! No command line parameters.  This should be run at the start of the source
-$! tree (the same directory where one finds INSTALL.VMS).
+$! P1: "64" for 64-bit pointers.
 $!
-$! Input:	[.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB
-$!		[.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]LIBSSL.OLB
-$! Output:	[.xxx.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
-$!		[.xxx.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
+$! P2: Zlib object library path (optional).
+$!
+$! Input:	[.UTIL]LIBEAY.NUM,[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO[32].OLB
+$!		[.UTIL]SSLEAY.NUM,[.xxx.EXE.SSL]SSL_LIBSSL[32].OLB
+$! Output:	[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO_SHR[32].OPT,.MAP,.EXE
+$!		[.xxx.EXE.SSL]SSL_LIBSSL_SRH[32].OPT,.MAP,.EXE
 $!
 $! So far, tests have only been made on VMS for Alpha.  VAX will come in time.
 $! ===========================================================================
-$
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$! Save the original default device:[directory].
+$!
+$ def_orig = f$environment( "default")
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$! SET DEFAULT to the main kit directory.
+$!
+$ proc = f$environment("procedure")
+$ proc = f$parse( "A.;", proc)- "A.;"
+$ set default 'proc'
+$ set default [-]
+$!
 $! ----- Prepare info for processing: version number and file info
 $ gosub read_version_info
 $ if libver .eqs. ""
 $ then
 $   write sys$error "ERROR: Couldn't find any library version info..."
-$   exit
+$   go to tidy:
 $ endif
 $
-$ if (f$getsyi("cpu").lt.128)
+$ if (f$getsyi("cpu") .lt. 128)
 $ then
-$     arch := VAX
+$   arch_vax = 1
+$   arch = "VAX"
 $ else
-$     arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$     if (arch .eqs. "") then arch = "UNK"
+$   arch_vax = 0
+$   arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$   if (arch .eqs. "") then arch = "UNK"
 $ endif
-$
-$ if arch .nes. "VAX"
+$!
+$ archd = arch
+$ lib32 = "32"
+$ shr = "SHR32"
+$!
+$ if (p1 .nes. "")
 $ then
-$   arch_vax = 0
-$   libid  = "Crypto"
-$   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.CRYPTO]"
-$   libolb = "''libdir'LIBCRYPTO.OLB"
-$   libopt = "''libdir'LIBCRYPTO.OPT"
-$   libmap = "''libdir'LIBCRYPTO.MAP"
-$   libgoal= "''libdir'LIBCRYPTO.EXE"
-$   libref = ""
-$   if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
-$   libid  = "SSL"
-$   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.SSL]"
-$   libolb = "''libdir'LIBSSL.OLB"
-$   libopt = "''libdir'LIBSSL.OPT"
-$   libmap = "''libdir'LIBSSL.MAP"
-$   libgoal= "''libdir'LIBSSL.EXE"
-$   libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
-$   if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
-$   arch_vax = 0
+$   if (p1 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$     lib32 = ""
+$     shr = "SHR"
+$   else
+$     if (p1 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ ZLIB = p2
+$ zlib_lib = ""
+$ if (ZLIB .nes. "")
+$ then
+$   file2 = f$parse( ZLIB, "libz.olb", , , "syntax_only")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     write sys$output ""
+$     write sys$output "The Option ", ZLIB, " Is Invalid."
+$     write sys$output "    Can't find library: ''file2'"
+$     write sys$output ""
+$     goto tidy
+$   endif
+$   zlib_lib = ", ''file2' /library"
+$ endif
+$!
+$ if (arch_vax)
+$ then
+$   libtit = "CRYPTO_TRANSFER_VECTOR"
 $   libid  = "Crypto"
 $   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.CRYPTO]"
-$   libolb = "''libdir'LIBCRYPTO32.OLB"
-$   libopt = "''libdir'LIBCRYPTO32.OPT"
-$   libmap = "''libdir'LIBCRYPTO32.MAP"
-$   libgoal= "''libdir'LIBCRYPTO32.EXE"
+$   libdir = "[.''ARCHD'.EXE.CRYPTO]"
+$   libmar = "''libdir'SSL_LIBCRYPTO_''shr'.MAR"
+$   libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
+$   libobj = "''libdir'SSL_LIBCRYPTO_''shr'.OBJ"
+$   libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
 $   libref = ""
-$   if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
+$   libvec = "LIBCRYPTO"
+$   if f$search( libolb) .nes. "" then gosub create_vax_shr
+$   libtit = "SSL_TRANSFER_VECTOR"
 $   libid  = "SSL"
 $   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.SSL]"
-$   libolb = "''libdir'LIBSSL32.OLB"
-$   libopt = "''libdir'LIBSSL32.OPT"
-$   libmap = "''libdir'LIBSSL32.MAP"
-$   libgoal= "''libdir'LIBSSL32.EXE"
-$   libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO32.EXE"
-$   if f$search(libdir+libolb) .nes. "" then gosub create_nonvax_shr
+$   libdir = "[.''ARCHD'.EXE.SSL]"
+$   libmar = "''libdir'SSL_LIBSSL_''shr'.MAR"
+$   libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
+$   libobj = "''libdir'SSL_LIBSSL_''shr'.OBJ"
+$   libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
+$   libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
+$   libvec = "LIBSSL"
+$   if f$search( libolb) .nes. "" then gosub create_vax_shr
 $ else
-$   arch_vax = 1
-$   libtit = "CRYPTO_TRANSFER_VECTOR"
 $   libid  = "Crypto"
 $   libnum = "[.UTIL]LIBEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.CRYPTO]"
-$   libmar = "''libdir'LIBCRYPTO.MAR"
-$   libolb = "''libdir'LIBCRYPTO.OLB"
-$   libopt = "''libdir'LIBCRYPTO.OPT"
-$   libobj = "''libdir'LIBCRYPTO.OBJ"
-$   libmap = "''libdir'LIBCRYPTO.MAP"
-$   libgoal= "''libdir'LIBCRYPTO.EXE"
+$   libdir = "[.''ARCHD'.EXE.CRYPTO]"
+$   libolb = "''libdir'SSL_LIBCRYPTO''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBCRYPTO_''shr'.OPT"
+$   libmap = "''libdir'SSL_LIBCRYPTO_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBCRYPTO_''shr'.EXE"
 $   libref = ""
-$   libvec = "LIBCRYPTO"
-$   if f$search(libdir+libolb) .nes. "" then gosub create_vax_shr
-$   libtit = "SSL_TRANSFER_VECTOR"
+$   if f$search( libolb) .nes. "" then gosub create_nonvax_shr
 $   libid  = "SSL"
 $   libnum = "[.UTIL]SSLEAY.NUM"
-$   libdir = "[.''ARCH'.EXE.SSL]"
-$   libmar = "''libdir'LIBSSL.MAR"
-$   libolb = "''libdir'LIBSSL.OLB"
-$   libopt = "''libdir'LIBSSL.OPT"
-$   libobj = "''libdir'LIBSSL.OBJ"
-$   libmap = "''libdir'LIBSSL.MAP"
-$   libgoal= "''libdir'LIBSSL.EXE"
-$   libref = "[.''ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE"
-$   libvec = "LIBSSL"
-$   if f$search(libdir+libolb) .nes. "" then gosub create_vax_shr
+$   libdir = "[.''ARCHD'.EXE.SSL]"
+$   libolb = "''libdir'SSL_LIBSSL''lib32'.OLB"
+$   libopt = "''libdir'SSL_LIBSSL_''shr'.OPT"
+$   libmap = "''libdir'SSL_LIBSSL_''shr'.MAP"
+$   libgoal= "''libdir'SSL_LIBSSL_''shr'.EXE"
+$   libref = "[.''ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO_''shr'.EXE"
+$   if f$search( libolb) .nes. "" then gosub create_nonvax_shr
 $ endif
+$!
+$ tidy:
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "libnum", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close libnum
+$!
+$ if (f$trnlnm( "mar", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close mar
+$!
+$ if (f$trnlnm( "opt", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close opt
+$!
+$ if (f$trnlnm( "vf", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close vf
+$!
+$! Restore the original default device:[directory].
+$!
+$ set default 'def_orig'
 $ exit
 $
 $! ----- Subroutines to build the shareable libraries
@@ -130,9 +188,9 @@ $! ----- Subroutines for non-VAX
 $! -----
 $! The creator routine
 $ create_nonvax_shr:
-$   open/write opt 'libopt'
+$   open /write opt 'libopt'
 $   write opt "identification=""",libid," ",libverstr,""""
-$   write opt libolb,"/lib"
+$   write opt libolb, " /library"
 $   if libref .nes. "" then write opt libref,"/SHARE"
 $   write opt "SYMBOL_VECTOR=(-"
 $   libfirstentry := true
@@ -143,7 +201,8 @@ $   gosub read_func_num
 $   write opt ")"
 $   write opt "GSMATCH=",libvmatch,",",libver
 $   close opt
-$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
+     'zlib_lib'
 $   return
 $
 $! The record writer routine
@@ -177,7 +236,7 @@ $! ----- Subroutines for VAX
 $! -----
 $! The creator routine
 $ create_vax_shr:
-$   open/write mar 'libmar'
+$   open /write mar 'libmar'
 $   type sys$input:/out=mar:
 ;
 ; Transfer vector for VAX shareable image
@@ -212,10 +271,10 @@ $!   libwriter := write_vax_vtransfer_entry
 $!   gosub read_func_num
 $   write mar "	.END"
 $   close mar
-$   open/write opt 'libopt'
+$   open /write opt 'libopt'
 $   write opt "identification=""",libid," ",libverstr,""""
 $   write opt libobj
-$   write opt libolb,"/lib"
+$   write opt libolb, " /library"
 $   if libref .nes. "" then write opt libref,"/SHARE"
 $   type sys$input:/out=opt:
 !
@@ -234,7 +293,8 @@ $   libwriter := write_vax_psect_attr
 $   gosub read_func_num
 $   close opt
 $   macro/obj='libobj' 'libmar'
-$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   link /map = 'libmap' /full /share = 'libgoal' 'libopt' /options -
+     'zlib_lib'
 $   return
 $
 $! The record writer routine for VAX functions
@@ -256,9 +316,9 @@ $   return
 $
 $! ----- Common subroutines
 $! -----
-$! The .num file reader.  This one has great responsability.
+$! The .num file reader.  This one has great responsibility.
 $ read_func_num:
-$   open libnum 'libnum'
+$   open /read libnum 'libnum'
 $   goto read_nums
 $
 $ read_nums:
@@ -266,27 +326,30 @@ $   libentrynum=0
 $   liblastentry:=false
 $   entrycount=0
 $   loop:
-$     read/end=loop_end/err=loop_end libnum line
-$     entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM")))
-$     entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM"))
-$     curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM"))
-$     info_exist=f$element(0,":",entryinfo)
-$     info_platforms=","+f$element(1,":",entryinfo)+","
-$     info_kind=f$element(2,":",entryinfo)
-$     info_algorithms=","+f$element(3,":",entryinfo)+","
+$     read /end=loop_end /err=loop_end libnum line
+$     lin = f$edit( line, "COMPRESS,TRIM")
+$!    Skip a "#" comment line.
+$     if (f$extract( 0, 1, lin) .eqs. "#") then goto loop
+$     entrynum = f$int(f$element( 1, " ", lin))
+$     entryinfo = f$element( 2, " ", lin)
+$     curentry = f$element( 0, " ", lin)
+$     info_exist = f$element( 0, ":", entryinfo)
+$     info_platforms = ","+ f$element(1, ":", entryinfo)+ ","
+$     info_kind = f$element( 2, ":", entryinfo)
+$     info_algorithms = ","+ f$element( 3, ":", entryinfo)+ ","
 $     if info_exist .eqs. "NOEXIST" then goto loop
 $     truesum = 0
 $     falsesum = 0
 $     negatives = 1
 $     plat_i = 0
 $     loop1:
-$       plat_entry = f$element(plat_i,",",info_platforms)
+$       plat_entry = f$element( plat_i, ",", info_platforms)
 $       plat_i = plat_i + 1
 $       if plat_entry .eqs. "" then goto loop1
 $       if plat_entry .nes. ","
 $       then
 $         if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
-$         if f$getsyi("CPU") .lt. 128
+$         if (arch_vax)
 $         then
 $           if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
 $             truesum = truesum + 1
@@ -295,6 +358,7 @@ $             falsesum = falsesum + 1
 $         endif
 $!
 $         if ((plat_entry .eqs. "VMS") .or. -
+            ((plat_entry .eqs. "ZLIB") .and. (ZLIB .nes. "")) .or. -
             (arch_vax .and. (plat_entry .eqs. "VMSVAX"))) then -
             truesum = truesum + 1
 $!
@@ -364,7 +428,7 @@ $
 $! The version number reader
 $ read_version_info:
 $   libver = ""
-$   open/read vf [.CRYPTO]OPENSSLV.H
+$   open /read vf [.CRYPTO]OPENSSLV.H
 $   loop_rvi:
 $     read/err=endloop_rvi/end=endloop_rvi vf rvi_line
 $     if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
diff --git a/openssl/VMS/openssl_startup.com b/openssl/VMS/openssl_startup.com
new file mode 100644
index 000000000..04bbbde88
--- /dev/null
+++ b/openssl/VMS/openssl_startup.com
@@ -0,0 +1,108 @@
+$!
+$! Startup file for OpenSSL 1.x.
+$!
+$! 2011-03-05 SMS.
+$!
+$! This procedure must reside in the OpenSSL installation directory.
+$! It will fail if it is copied to a different location.
+$!
+$! P1  qualifier(s) for DEFINE.  For example, "/SYSTEM" to get the
+$!     logical names defined in the system logical name table.
+$!
+$! P2  "64", to use executables which were built with 64-bit pointers.
+$!
+$! Good (default) and bad status values.
+$!
+$ status =    %x00010001 ! RMS$_NORMAL, normal successful completion.
+$ rms_e_fnf = %x00018292 ! RMS$_FNF, file not found.
+$!
+$! Prepare for problems.
+$!
+$ orig_dev_dir = f$environment( "DEFAULT")
+$ on control_y then goto clean_up
+$ on error then goto clean_up
+$!
+$! Determine hardware architecture.
+$!
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$   arch_name = "VAX"
+$ else
+$   arch_name = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch_name .eqs. "") then arch_name = "UNK"
+$ endif
+$!
+$ if (p2 .eqs. "64")
+$ then
+$   arch_name_exe = arch_name+ "_64"
+$ else
+$   arch_name_exe = arch_name
+$ endif
+$!
+$! Derive the OpenSSL installation device:[directory] from the location
+$! of this command procedure.
+$!
+$ proc = f$environment( "procedure")
+$ proc_dev_dir = f$parse( "A.;", proc, , , "no_conceal") - "A.;"
+$ proc_dev = f$parse( proc_dev_dir, , , "device", "syntax_only")
+$ proc_dir = f$parse( proc_dev_dir, , , "directory", "syntax_only") - -
+   ".][000000"- "[000000."- "]["- "["- "]"
+$ proc_dev_dir = proc_dev+ "["+ proc_dir+ "]"
+$ set default 'proc_dev_dir'
+$ set default [-]
+$ ossl_dev_dir = f$environment( "default")
+$!
+$! Check existence of expected directories (to see if this procedure has
+$! been moved away from its proper place).
+$!
+$ if ((f$search( "certs.dir;1") .eqs. "") .or. -
+   (f$search( "include.dir;1") .eqs. "") .or. -
+   (f$search( "private.dir;1") .eqs. "") .or. -
+   (f$search( "vms.dir;1") .eqs. ""))
+$ then
+$    write sys$output -
+      "   Can't find expected common OpenSSL directories in:"
+$    write sys$output "   ''ossl_dev_dir'"
+$    status = rms_e_fnf
+$    goto clean_up
+$ endif
+$!
+$ if ((f$search( "''arch_name_exe'_exe.dir;1") .eqs. "") .or. -
+   (f$search( "''arch_name'_lib.dir;1") .eqs. ""))
+$ then
+$    write sys$output -
+      "   Can't find expected architecture-specific OpenSSL directories in:"
+$    write sys$output "   ''ossl_dev_dir'"
+$    status = rms_e_fnf
+$    goto clean_up
+$ endif
+$!
+$! All seems well (enough).  Define the OpenSSL logical names.
+$!
+$ ossl_root = ossl_dev_dir- "]"+ ".]"
+$ define /translation_attributes = concealed /nolog'p1 SSLROOT 'ossl_root'
+$ define /nolog 'p1' SSLCERTS     sslroot:[certs]
+$ define /nolog 'p1' SSLINCLUDE   sslroot:[include]
+$ define /nolog 'p1' SSLPRIVATE   sslroot:[private]
+$ define /nolog 'p1' SSLEXE       sslroot:['arch_name_exe'_exe]
+$ define /nolog 'p1' SSLLIB       sslroot:['arch_name'_lib]
+$!
+$! Defining OPENSSL lets a C program use "#include <openssl/{foo}.h>":
+$ define /nolog 'p1' OPENSSL      SSLINCLUDE:
+$!
+$! Run a site-specific procedure, if it exists.
+$!
+$ if f$search( "sslroot:[vms]openssl_systartup.com") .nes."" then -
+   @ sslroot:[vms]openssl_systartup.com
+$!
+$! Restore the original default dev:[dir] (if known).
+$!
+$ clean_up:
+$!
+$ if (f$type( orig_dev_dir) .nes. "")
+$ then
+$    set default 'orig_dev_dir'
+$ endif
+$!
+$ EXIT 'status'
+$!
diff --git a/openssl/VMS/openssl_undo.com b/openssl/VMS/openssl_undo.com
new file mode 100644
index 000000000..d1623a316
--- /dev/null
+++ b/openssl/VMS/openssl_undo.com
@@ -0,0 +1,20 @@
+$!
+$! Deassign OpenSSL logical names.
+$!
+$ call deass "OPENSSL" "''p1'"
+$ call deass "SSLCERTS" "''p1'"
+$ call deass "SSLEXE" "''p1'"
+$ call deass "SSLINCLUDE" "''p1'"
+$ call deass "SSLLIB" "''p1'"
+$ call deass "SSLPRIVATE" "''p1'"
+$ call deass "SSLROOT" "''p1'"
+$!
+$ exit
+$!
+$deass: subroutine
+$ if (f$trnlnm( p1) .nes. "")
+$ then
+$    deassign 'p2' 'p1'
+$ endif
+$ endsubroutine
+$!
diff --git a/openssl/apps/CA.com b/openssl/apps/CA.com
index 69b7bb3fd..2c0d46527 100644
--- a/openssl/apps/CA.com
+++ b/openssl/apps/CA.com
@@ -37,14 +37,25 @@ $ VERIFY = openssl + " verify"
 $ X509   = openssl + " x509"
 $ PKCS12 = openssl + " pkcs12"
 $ echo   = "write sys$Output"
+$ RET = 1
+$!
+$! 2010-12-20 SMS.
+$! Use a concealed logical name to reduce command line lengths, to
+$! avoid DCL errors on VAX:
+$!     %DCL-W-TKNOVF, command element is too long - shorten
+$! (Path segments like "openssl-1_0_1-stable-SNAP-20101217" accumulate
+$! quickly.)
+$!
+$ CATOP = F$PARSE( F$ENVIRONMENT( "DEFAULT"), "[]")- "].;"+ ".demoCA.]"
+$ define /translation_attributes = concealed CATOP 'CATOP'
 $!
-$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
-$ CATOP  := 's'.demoCA
-$ CAKEY  := ]cakey.pem
-$ CACERT := ]cacert.pem
+$ on error then goto clean_up
+$ on control_y then goto clean_up
+$!
+$ CAKEY  = "CATOP:[private]cakey.pem"
+$ CACERT = "CATOP:[000000]cacert.pem"
 $
 $ __INPUT := SYS$COMMAND
-$ RET = 1
 $!
 $ i = 1
 $opt_loop:
@@ -55,7 +66,7 @@ $
 $ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
 $ THEN
 $   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
-$   exit
+$   goto clean_up
 $ ENDIF
 $!
 $ IF (prog_opt .EQS. "-input")
@@ -69,7 +80,7 @@ $!
 $ IF (prog_opt .EQS. "-newcert")
 $ THEN
 $   ! Create a certificate.
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
 $   RET=$STATUS
 $   echo "Certificate (and private key) is in newreq.pem"
@@ -79,7 +90,7 @@ $!
 $ IF (prog_opt .EQS. "-newreq")
 $ THEN
 $   ! Create a certificate request
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
 $   RET=$STATUS
 $   echo "Request (and private key) is in newreq.pem"
@@ -90,41 +101,40 @@ $ IF (prog_opt .EQS. "-newca")
 $ THEN
 $   ! If explicitly asked for or it doesn't exist then setup the directory
 $   ! structure that Eric likes to manage things.
-$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$   IF F$SEARCH( "CATOP:[000000]serial.") .EQS. ""
 $   THEN
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
-$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[000000]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[certs]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[crl]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[newcerts]
+$     CREATE /DIRECTORY /PROTECTION=OWNER:RWED CATOP:[private]
 $
-$     OPEN   /WRITE ser_file 'CATOP']serial. 
+$     OPEN /WRITE ser_file CATOP:[000000]serial. 
 $     WRITE ser_file "01"
 $     CLOSE ser_file
-$     APPEND/NEW NL: 'CATOP']index.txt
+$     APPEND /NEW_VERSION NL: CATOP:[000000]index.txt
 $
 $     ! The following is to make sure access() doesn't get confused.  It
 $     ! really needs one file in the directory to give correct answers...
-$     COPY NLA0: 'CATOP'.certs].;
-$     COPY NLA0: 'CATOP'.crl].;
-$     COPY NLA0: 'CATOP'.newcerts].;
-$     COPY NLA0: 'CATOP'.private].;
+$     COPY NLA0: CATOP:[certs].;
+$     COPY NLA0: CATOP:[crl].;
+$     COPY NLA0: CATOP:[newcerts].;
+$     COPY NLA0: CATOP:[private].;
 $   ENDIF
 $!
-$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$   IF F$SEARCH( CAKEY) .EQS. ""
 $   THEN
 $     READ '__INPUT' FILE -
-	   /PROMPT="CA certificate filename (or enter to create)"
+       /PROMPT="CA certificate filename (or enter to create): "
 $     IF (FILE .NES. "") .AND. (F$SEARCH(FILE) .NES. "")
 $     THEN
-$       COPY 'FILE' 'CATOP'.private'CAKEY'
-$	RET=$STATUS
+$       COPY 'FILE' 'CAKEY'
+$       RET=$STATUS
 $     ELSE
 $       echo "Making CA certificate ..."
-$       DEFINE/USER SYS$INPUT '__INPUT'
-$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
-		       -out 'CATOP''CACERT' 'DAYS'
-$	RET=$STATUS
+$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
+$       REQ -new -x509 -keyout 'CAKEY' -out 'CACERT' 'DAYS'
+$       RET=$STATUS
 $     ENDIF
 $   ENDIF
 $   GOTO opt_loop_continue
@@ -135,16 +145,16 @@ $ THEN
 $   i = i + 1
 $   cname = P'i'
 $   IF cname .EQS. "" THEN cname = "My certificate"
-$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
-	   -out newcert.p12 -export -name "''cname'"
+$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CACERT' -
+     -out newcert.p12 -export -name "''cname'"
 $   RET=$STATUS
-$   exit RET
+$   goto clean_up
 $ ENDIF
 $!
 $ IF (prog_opt .EQS. "-xsign")
 $ THEN
 $!
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   CA -policy policy_anything -infiles newreq.pem
 $   RET=$STATUS
 $   GOTO opt_loop_continue
@@ -153,7 +163,7 @@ $!
 $ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
 $ THEN
 $!   
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
 $   RET=$STATUS
 $   type newcert.pem
@@ -165,9 +175,9 @@ $ IF (prog_opt .EQS. "-signcert")
 $  THEN
 $!   
 $   echo "Cert passphrase will be requested twice - bug?"
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
-$   DEFINE/USER SYS$INPUT '__INPUT'
+$   DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
 y
 y
@@ -182,17 +192,17 @@ $!
 $   i = i + 1
 $   IF (p'i' .EQS. "")
 $   THEN
-$     DEFINE/USER SYS$INPUT '__INPUT'
-$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$     DEFINE /USER_MODE SYS$INPUT '__INPUT'
+$     VERIFY "-CAfile" 'CACERT' newcert.pem
 $   ELSE
 $     j = i
 $    verify_opt_loop:
 $     IF j .GT. 8 THEN GOTO verify_opt_loop_end
 $     IF p'j' .NES. ""
 $     THEN 
-$       DEFINE/USER SYS$INPUT '__INPUT'
+$       DEFINE /USER_MODE SYS$INPUT '__INPUT'
 $       __tmp = p'j'
-$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$       VERIFY "-CAfile" 'CACERT' '__tmp'
 $       tmp=$STATUS
 $       IF tmp .NE. 0 THEN RET=tmp
 $     ENDIF
@@ -208,8 +218,8 @@ $ IF (prog_opt .NES. "")
 $ THEN
 $!   
 $   echo "Unknown argument ''prog_opt'"
-$   
-$   EXIT 3
+$   RET = 3
+$   goto clean_up
 $ ENDIF
 $
 $opt_loop_continue:
@@ -217,4 +227,10 @@ $ i = i + 1
 $ GOTO opt_loop
 $
 $opt_loop_end:
+$!
+$clean_up:
+$!
+$ if f$trnlnm( "CATOP", "LNM$PROCESS") .nes. "" then -
+   deassign /process CATOP
+$!
 $ EXIT 'RET'
diff --git a/openssl/apps/apps.c b/openssl/apps/apps.c
index c2797711a..feb7ed46e 100644
--- a/openssl/apps/apps.c
+++ b/openssl/apps/apps.c
@@ -798,7 +798,9 @@ X509 *load_cert(BIO *err, const char *file, int format,
 	if (file == NULL)
 		{
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
 		setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
 		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
 		}
@@ -899,7 +901,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 	if (file == NULL && maybe_stdin)
 		{
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
 		setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
 		}
@@ -988,7 +992,9 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 	if (file == NULL && maybe_stdin)
 		{
 #ifdef _IONBF
+# ifndef OPENSSL_NO_SETVBUF_IONBF
 		setvbuf(stdin, NULL, _IONBF, 0);
+# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #endif
 		BIO_set_fp(key,stdin,BIO_NOCLOSE);
 		}
diff --git a/openssl/apps/asn1pars.c b/openssl/apps/asn1pars.c
index b5d65e725..0d6607071 100644
--- a/openssl/apps/asn1pars.c
+++ b/openssl/apps/asn1pars.c
@@ -408,6 +408,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 
 	atyp = ASN1_generate_nconf(genstr, cnf);
 	NCONF_free(cnf);
+	cnf = NULL;
 
 	if (!atyp)
 		return -1;
diff --git a/openssl/apps/enc.c b/openssl/apps/enc.c
index c28d8b194..076225c4c 100644
--- a/openssl/apps/enc.c
+++ b/openssl/apps/enc.c
@@ -393,8 +393,10 @@ bad:
 
 	if (inf == NULL)
 	        {
+#ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 	        }
 	else
@@ -447,8 +449,10 @@ bad:
 	if (outf == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
 			setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 #ifdef OPENSSL_SYS_VMS
 		{
 		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
diff --git a/openssl/apps/install-apps.com b/openssl/apps/install-apps.com
new file mode 100644
index 000000000..7a553aa12
--- /dev/null
+++ b/openssl/apps/install-apps.com
@@ -0,0 +1,107 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if (p1 .eqs. "")
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$   exit
+$ endif
+$!
+$ if (f$getsyi("cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse(root,,,"device","syntax_only")
+$ root_dir = f$parse(root,,,"directory","syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslxexe:") .eqs. "" then -
+   create /directory /log wrk_sslxexe:
+$!
+$ exe := openssl
+$!
+$ exe_dir := [-.'archd'.exe.apps]
+$!
+$! Executables.
+$!
+$ i = 0
+$ loop_exe:
+$   e = f$edit(f$element( i, ",", exe), "trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_exe_end
+$   set noon
+$   file = exe_dir+ e+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxexe: /log
+$   endif
+$   set on
+$ goto loop_exe
+$ loop_exe_end:
+$!
+$! Miscellaneous.
+$!
+$ set noon
+$ copy /protection = w:re ca.com wrk_sslxexe:ca.com /log
+$ copy /protection = w:re openssl-vms.cnf wrk_sslroot:[000000]openssl.cnf /log
+$ set on
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslxexe
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!
diff --git a/openssl/apps/install.com b/openssl/apps/install.com
deleted file mode 100644
index c5821b40e..000000000
--- a/openssl/apps/install.com
+++ /dev/null
@@ -1,65 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1	root of the directory tree
-$!
-$
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLEXE WRK_SSLROOT:['ARCH'_EXE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLEXE:
-$
-$	EXE := openssl
-$
-$	EXE_DIR := [-.'ARCH'.EXE.APPS]
-$
-$	I = 0
-$ LOOP_EXE: 
-$	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
-$	SET NOON
-$	IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'EXE_DIR''E'.EXE WRK_SSLEXE:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLEXE:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_EXE
-$ LOOP_EXE_END:
-$
-$	SET NOON
-$	COPY CA.COM WRK_SSLEXE:CA.COM/LOG
-$	SET FILE/PROT=W:RE WRK_SSLEXE:CA.COM
-$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
-$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
-$	SET ON
-$
-$	EXIT
diff --git a/openssl/apps/makeapps.com b/openssl/apps/makeapps.com
index 7a728e6a5..71417a86b 100644
--- a/openssl/apps/makeapps.com
+++ b/openssl/apps/makeapps.com
@@ -39,18 +39,35 @@ $!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
 $!  P5, if defined, sets a choice of programs to compile.
 $!
-$!  For 64 bit architectures (Alpha and IA64), specify the pointer size as P6.
-$!  For 32 bit architectures (VAX), P6 is ignored.
-$!  Currently supported values are:
+$!  P6, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
 $!
-$!	32	To ge a library compiled with /POINTER_SIZE=32
-$!	64	To ge a library compiled with /POINTER_SIZE=64
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
 $!
+$!  P7, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on control_c then goto exit
 $!
 $! Define A TCP/IP Library That We Will Need To Link To.
 $! (That Is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check What Architecture We Are Using.
 $!
@@ -74,29 +91,45 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
 $! Define what programs should be compiled
 $!
 $ PROGRAMS := OPENSSL
 $!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
 $! Define The CRYPTO Library.
 $!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
 $!
 $! Define The SSL Library.
 $!
-$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'LIB32'.OLB
+$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB
 $!
-$! Define The OBJ Directory.
+$! Define The OBJ and EXE Directories.
 $!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS]
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.APPS]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.APPS]
 $!
-$! Define The EXE Directory.
+$! Specify the destination directory in any /MAP option.
 $!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
 $!
-$! Check To Make Sure We Have Valid Command Line Parameters.
+$! Add the location prefix to the linker options file name.
 $!
-$ GOSUB CHECK_OPTIONS
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
 $!
 $! Initialise logical names and such
 $!
@@ -104,7 +137,7 @@ $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
 $!
 $! Check To See If The OBJ Directory Exists.
 $!
@@ -152,6 +185,9 @@ $ LIB_OPENSSL = "VERIFY,ASN1PARS,REQ,DGST,DH,DHPARAM,ENC,PASSWD,GENDH,ERRSTR,"+-
 	      	"S_TIME,APPS,S_CB,S_SOCKET,APP_RAND,VERSION,SESS_ID,"+-
 	      	"CIPHERS,NSEQ,PKCS12,PKCS8,PKEY,PKEYPARAM,PKEYUTL,"+ -
 	      	"SPKAC,SMIME,CMS,RAND,ENGINE,OCSP,PRIME,TS"
+$!
+$ LIB_OPENSSL = LIB_OPENSSL+ ",VMS_DECC_INIT"
+$!
 $ TCPIP_PROGRAMS = ",,"
 $ IF COMPILER .EQS. "VAXC" THEN -
      TCPIP_PROGRAMS = ",OPENSSL,"
@@ -209,7 +245,7 @@ $   LIB_COUNTER = -1
 $!
 $!  Create a .OPT file for the object files
 $!
-$   OPEN/WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT
+$   OPEN /WRITE OBJECTS 'EXE_DIR''CURRENT_APP'.OPT
 $!
 $!  Top Of The File Loop.
 $!
@@ -296,34 +332,18 @@ $   GOTO NEXT_APP
 $ ENDIF
 $!
 $! Link The Program.
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
 $!
 $ ON WARNING THEN GOTO NEXT_APP
 $!
-$ IF (TCPIP_LIB.NES."")
-$ THEN
-$!
 $! Don't Link With The RSAREF Routines And TCP/IP Library.
 $!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
-	'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'TCPIP_LIB','OPT_FILE'/OPTION
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
-$!
-$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
-	'EXE_DIR''CURRENT_APP'.OPT/OPTION, -
-        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'OPT_FILE'/OPTION
-$!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
+$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_FILE' -
+  'EXE_DIR''CURRENT_APP'.OPT /OPTIONS, -
+  'SSL_LIB' /LIBRARY, -
+  'CRYPTO_LIB' /LIBRARY -
+  'TCPIP_LIB' -
+  'ZLIB_LIB' -
+  ,'OPT_FILE' /OPTIONS
 $!
 $! Go Back And Do It Again.
 $!
@@ -358,7 +378,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -387,7 +407,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -422,7 +442,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -437,7 +457,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -521,14 +541,15 @@ $!
 $ IF (P1.EQS."NODEBUG")
 $ THEN
 $!
-$!   P1 Is NODEBUG, So Compile Without Debugger Information.
+$!  P1 Is NODEBUG, So Compile Without Debugger Information.
 $!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER  = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $!
 $! Else...
 $!
@@ -542,6 +563,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER  = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -549,7 +571,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE
 $!
-$!    Tell The User Entered An Invalid Option..
+$!    Tell The User Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
@@ -570,58 +592,87 @@ $! End The P1 Check.
 $!
 $ ENDIF
 $!
-$! Check To See If P6 Is Blank.
+$! Check P6 (POINTER_SIZE).
 $!
-$ IF (P6.EQS."")
+$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX")
 $ THEN
-$   POINTER_SIZE = ""
-$ ELSE
-$!
-$!  Check is P6 Is Valid
 $!
-$   IF (P6.EQS."32")
+$   IF (P6 .EQS. "32")
 $   THEN
-$     POINTER_SIZE = "/POINTER_SIZE=32"
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$       LIB32 = ""
-$     ELSE
-$       LIB32 = "32"
-$     ENDIF
+$     POINTER_SIZE = " /POINTER_SIZE=32"
 $   ELSE
-$     IF (P6.EQS."64")
+$     POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
 $     THEN
+$       ARCHD = ARCH+ "_64"
 $       LIB32 = ""
-$       IF ARCH .EQS. "VAX"
+$       IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=")
 $       THEN
-$         POINTER_SIZE = "/POINTER_SIZE=32"
+$!        Explicit user choice: "64" or "64=ARGV".
+$         IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64"
 $       ELSE
-$         POINTER_SIZE = "/POINTER_SIZE=64"
+$         SET NOON
+$         DEFINE /USER_MODE SYS$OUTPUT NL:
+$         DEFINE /USER_MODE SYS$ERROR NL:
+$         CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL:
+$         IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000
+$         THEN
+$           ! If we got here, it means DCL complained like this:
+$           ! %DCL-W-NOVALU, value not allowed - remove value specification
+$           !  \64=\
+$           !
+$           ! If the compiler was run, logicals defined in /USER would
+$           ! have been deassigned automatically.  However, when DCL
+$           ! complains, they aren't, so we do it here (it might be
+$           ! unnecessary, but just in case there will be another error
+$           ! message further on that we don't want to miss)
+$           DEASSIGN /USER_MODE SYS$ERROR
+$           DEASSIGN /USER_MODE SYS$OUTPUT
+$         ELSE
+$           POINTER_SIZE = POINTER_SIZE + "=ARGV"
+$         ENDIF
+$         SET ON
 $       ENDIF
+$       POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'"
+$!
 $     ELSE
 $!
-$!      Tell The User Entered An Invalid Option..
+$!      Tell The User Entered An Invalid Option.
 $!
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ",P6," Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT "The Option ", P6, -
+         " Is Invalid.  The Valid Options Are:"
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "    32  :  Compile with 32 bit pointer size"
-$       WRITE SYS$OUTPUT "    64  :  Compile with 64 bit pointer size"
+$       WRITE SYS$OUTPUT -
+         "    """"  :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32  :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
 $       WRITE SYS$OUTPUT ""
-$!
+$! 
 $!      Time To EXIT.
 $!
-$       GOTO TIDY
-$!
-$!      End The Valid Arguement Check.
+$       EXIT
 $!
 $     ENDIF
+$!
 $   ENDIF
 $!
-$! End The P6 Check.
+$! End The P6 (POINTER_SIZE) Check.
 $!
 $ ENDIF
 $!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$!
 $! Check To See If P2 Is Blank.
 $!
 $ IF (P2.EQS."")
@@ -722,11 +773,64 @@ $ CCDEFS = "MONOLITH"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P7
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
 $ THEN
@@ -749,13 +853,13 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -783,7 +887,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -792,7 +896,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -815,11 +919,11 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -861,7 +965,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -887,13 +991,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -907,7 +1011,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -932,7 +1036,7 @@ $   CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'"
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!
@@ -962,13 +1066,13 @@ $ IF COMPILER .EQS. "DECC"
 $ THEN
 $   IF CCDISABLEWARNINGS .NES. ""
 $   THEN
-$     CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $   ENDIF
 $ ELSE
 $   CCDISABLEWARNINGS = ""
 $ ENDIF
-$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
-$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$ CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$ CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $! Show user the result
 $!
@@ -1034,7 +1138,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
 $!
 $! Done
 $!
@@ -1042,15 +1146,24 @@ $ RETURN
 $!
 $ CLEANUP:
 $!
-$! Restore the logical name OPENSSL if it had a value
+$! Restore the saved logical name OPENSSL, if it had a value.
 $!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
+$ if (f$type( __SAVE_OPENSSL) .nes. "")
+$ then
+$   IF __SAVE_OPENSSL .EQS. ""
+$   THEN
+$     DEASSIGN OPENSSL
+$   ELSE
+$     DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
+$   ENDIF
+$ endif
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close objects
 $!
 $! Done
 $!
 $ RETURN
+$!
diff --git a/openssl/apps/md4.c b/openssl/apps/md4.c
index e69de29bb..7f457b2ab 100644
--- a/openssl/apps/md4.c
+++ b/openssl/apps/md4.c
@@ -0,0 +1 @@
+../crypto/md4/md4.c
\ No newline at end of file
diff --git a/openssl/apps/openssl.c b/openssl/apps/openssl.c
index 851e63973..dab057bbf 100644
--- a/openssl/apps/openssl.c
+++ b/openssl/apps/openssl.c
@@ -212,8 +212,13 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 		}
 	}
 
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+# define ARGV _Argv
+#else
+# define ARGV Argv
+#endif
 
-int main(int Argc, char *Argv[])
+int main(int Argc, char *ARGV[])
 	{
 	ARGS arg;
 #define PROG_NAME_SIZE	39
@@ -227,7 +232,55 @@ int main(int Argc, char *Argv[])
 	char **argv,*p;
 	LHASH_OF(FUNCTION) *prog=NULL;
 	long errline;
- 
+
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+	/* 2011-03-22 SMS.
+	 * If we have 32-bit pointers everywhere, then we're safe, and
+	 * we bypass this mess, as on non-VMS systems.  (See ARGV,
+	 * above.)
+	 * Problem 1: Compaq/HP C before V7.3 always used 32-bit
+	 * pointers for argv[].
+	 * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
+	 * everywhere else, we always allocate and use a 64-bit
+	 * duplicate of argv[].
+	 * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
+	 * to NULL-terminate a 64-bit argv[].  (As this was written, the
+	 * compiler ECO was available only on IA64.)
+	 * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
+	 * 64-bit argv[argc] for NULL, and, if necessary, use a
+	 * (properly) NULL-terminated (64-bit) duplicate of argv[].
+	 * The same code is used in either case to duplicate argv[].
+	 * Some of these decisions could be handled in preprocessing,
+	 * but the code tends to get even uglier, and the penalty for
+	 * deciding at compile- or run-time is tiny.
+	 */
+	char **Argv = NULL;
+	int free_Argv = 0;
+
+	if ((sizeof( _Argv) < 8)        /* 32-bit argv[]. */
+# if !defined( VMS_TRUST_ARGV)
+	 || (_Argv[ Argc] != NULL)      /* Untrusted argv[argc] not NULL. */
+# endif
+		)
+		{
+		int i;
+		Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *));
+		if (Argv == NULL)
+			{ ret = -1; goto end; }
+		for(i = 0; i < Argc; i++)
+			Argv[i] = _Argv[i];
+		Argv[ Argc] = NULL;     /* Certain NULL termination. */
+		free_Argv = 1;
+		}
+	else
+		{
+		/* Use the known-good 32-bit argv[] (which needs the
+		 * type cast to satisfy the compiler), or the trusted or
+		 * tested-good 64-bit argv[] as-is. */
+		Argv = (char **)_Argv;
+		}
+#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */
+
 	arg.data=NULL;
 	arg.count=0;
 
@@ -373,6 +426,13 @@ end:
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+	/* Free any duplicate Argv[] storage. */
+	if (free_Argv)
+		{
+		OPENSSL_free(Argv);
+		}
+#endif
 	OPENSSL_EXIT(ret);
 	}
 
diff --git a/openssl/apps/pkcs12.c b/openssl/apps/pkcs12.c
index 514a02e0f..b54c6f84a 100644
--- a/openssl/apps/pkcs12.c
+++ b/openssl/apps/pkcs12.c
@@ -647,7 +647,7 @@ int MAIN(int argc, char **argv)
 
     if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
 
-    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+    if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
     if(macver) {
 #ifdef CRYPTO_MDEBUG
     CRYPTO_push_info("verify MAC");
diff --git a/openssl/apps/speed.c b/openssl/apps/speed.c
index 0cb7f24cc..65f85fecf 100644
--- a/openssl/apps/speed.c
+++ b/openssl/apps/speed.c
@@ -2703,6 +2703,7 @@ static int do_multi(int multi)
 				else
 					rsa_results[k][1]=d;
 				}
+#ifndef OPENSSL_NO_DSA
 			else if(!strncmp(buf,"+F3:",4))
 				{
 				int k;
@@ -2724,6 +2725,7 @@ static int do_multi(int multi)
 				else
 					dsa_results[k][1]=d;
 				}
+#endif
 #ifndef OPENSSL_NO_ECDSA
 			else if(!strncmp(buf,"+F4:",4))
 				{
diff --git a/openssl/apps/vms_decc_init.c b/openssl/apps/vms_decc_init.c
new file mode 100644
index 000000000..f512c8f1b
--- /dev/null
+++ b/openssl/apps/vms_decc_init.c
@@ -0,0 +1,188 @@
+#if defined( __VMS) && !defined( OPENSSL_NO_DECC_INIT) && \
+ defined( __DECC) && !defined( __VAX) && (__CRTL_VER >= 70301000)
+# define USE_DECC_INIT 1
+#endif
+
+#ifdef USE_DECC_INIT
+
+/*
+ * 2010-04-26 SMS.
+ *
+ *----------------------------------------------------------------------
+ *
+ *       decc_init()
+ *
+ *    On non-VAX systems, uses LIB$INITIALIZE to set a collection of C
+ *    RTL features without using the DECC$* logical name method.
+ *
+ *----------------------------------------------------------------------
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unixlib.h>
+
+
+/* Global storage. */
+
+/* Flag to sense if decc_init() was called. */
+
+int decc_init_done = -1;
+
+
+/* Structure to hold a DECC$* feature name and its desired value. */
+
+typedef struct
+{
+    char *name;
+    int value;
+} decc_feat_t;
+
+
+/* Array of DECC$* feature names and their desired values.
+ * Note: DECC$ARGV_PARSE_STYLE is the urgent one.
+ */
+
+decc_feat_t decc_feat_array[] =
+{
+ /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
+ { "DECC$ARGV_PARSE_STYLE", 1 },
+
+ /* Preserve case for file names on ODS5 disks. */
+ { "DECC$EFS_CASE_PRESERVE", 1 },
+
+ /* Enable multiple dots (and most characters) in ODS5 file names,
+  * while preserving VMS-ness of ";version".
+  */
+ { "DECC$EFS_CHARSET", 1 },
+
+ /* List terminator. */
+ { (char *)NULL, 0 }
+};
+
+
+/* LIB$INITIALIZE initialization function. */
+
+static void decc_init( void)
+{
+    char *openssl_debug_decc_init;
+    int verbose = 0;
+    int feat_index;
+    int feat_value;
+    int feat_value_max;
+    int feat_value_min;
+    int i;
+    int sts;
+
+    /* Get debug option. */
+    openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT");
+    if (openssl_debug_decc_init != NULL)
+    {
+        verbose = strtol( openssl_debug_decc_init, NULL, 10);
+        if (verbose <= 0)
+        {
+            verbose = 1;
+        }
+    }
+
+    /* Set the global flag to indicate that LIB$INITIALIZE worked. */
+    decc_init_done = 1;
+
+    /* Loop through all items in the decc_feat_array[]. */
+
+    for (i = 0; decc_feat_array[ i].name != NULL; i++)
+    {
+        /* Get the feature index. */
+        feat_index = decc$feature_get_index( decc_feat_array[ i].name);
+        if (feat_index >= 0)
+        {
+            /* Valid item.  Collect its properties. */
+            feat_value = decc$feature_get_value( feat_index, 1);
+            feat_value_min = decc$feature_get_value( feat_index, 2);
+            feat_value_max = decc$feature_get_value( feat_index, 3);
+
+            /* Check the validity of our desired value. */
+            if ((decc_feat_array[ i].value >= feat_value_min) &&
+             (decc_feat_array[ i].value <= feat_value_max))
+            {
+                /* Valid value.  Set it if necessary. */
+                if (feat_value != decc_feat_array[ i].value)
+                {
+                    sts = decc$feature_set_value( feat_index,
+                     1,
+                     decc_feat_array[ i].value);
+
+                     if (verbose > 1)
+                     {
+                         fprintf( stderr, " %s = %d, sts = %d.\n",
+                          decc_feat_array[ i].name,
+                          decc_feat_array[ i].value,
+                          sts);
+                     }
+                }
+            }
+            else
+            {
+                /* Invalid DECC feature value. */
+                fprintf( stderr,
+                 " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
+                 feat_value,
+                 feat_value_min, decc_feat_array[ i].name, feat_value_max);
+            }
+        }
+        else
+        {
+            /* Invalid DECC feature name. */
+            fprintf( stderr,
+             " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name);
+        }
+    }
+
+    if (verbose > 0)
+    {
+        fprintf( stderr, " DECC_INIT complete.\n");
+    }
+}
+
+/* Get "decc_init()" into a valid, loaded LIB$INITIALIZE PSECT. */
+
+#pragma nostandard
+
+/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and
+ * other attributes.  Note that "nopic" is significant only on VAX.
+ */
+#pragma extern_model save
+
+#if __INITIAL_POINTER_SIZE == 64
+# define PSECT_ALIGN 3
+#else
+# define PSECT_ALIGN 2
+#endif
+
+#pragma extern_model strict_refdef "LIB$INITIALIZ" PSECT_ALIGN, nopic, nowrt
+const int spare[ 8] = { 0 };
+
+#pragma extern_model strict_refdef "LIB$INITIALIZE" PSECT_ALIGN, nopic, nowrt
+void (*const x_decc_init)() = decc_init;
+
+#pragma extern_model restore
+
+/* Fake reference to ensure loading the LIB$INITIALIZE PSECT. */
+
+#pragma extern_model save
+
+int LIB$INITIALIZE( void);
+
+#pragma extern_model strict_refdef
+int dmy_lib$initialize = (int) LIB$INITIALIZE;
+
+#pragma extern_model restore
+
+#pragma standard
+
+#else /* def USE_DECC_INIT */
+
+/* Dummy code to avoid a %CC-W-EMPTYFILE complaint. */
+int decc_init_dummy( void);
+
+#endif /* def USE_DECC_INIT */
diff --git a/openssl/config b/openssl/config
index 965884a62..cf64ec563 100644
--- a/openssl/config
+++ b/openssl/config
@@ -825,6 +825,10 @@ esac
 #  options="$options -DATALLA"
 #fi
 
+($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \
+ grep \\--noexecstack) 2>&1 > /dev/null && \
+  options="$options -Wa,--noexecstack"
+
 # gcc < 2.8 does not support -march=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
 then
diff --git a/openssl/crypto/LPdir_vms.c b/openssl/crypto/LPdir_vms.c
index 85b427a62..7613bd254 100644
--- a/openssl/crypto/LPdir_vms.c
+++ b/openssl/crypto/LPdir_vms.c
@@ -40,22 +40,18 @@
 #ifndef LPDIR_H
 #include "LPdir.h"
 #endif
+#include "vms_rms.h"
 
-/* Because some compiler options hide this macor */
+/* Some compiler options hide EVMSERR. */
 #ifndef EVMSERR
-#define EVMSERR		65535  /* error for non-translatable VMS errors */
+# define EVMSERR	65535  /* error for non-translatable VMS errors */
 #endif
 
 struct LP_dir_context_st
 {
   unsigned long VMS_context;
-#ifdef NAML$C_MAXRSS
-  char filespec[NAML$C_MAXRSS+1];
-  char result[NAML$C_MAXRSS+1];
-#else
-  char filespec[256];
-  char result[256];
-#endif
+  char filespec[ NAMX_MAXRSS+ 1];
+  char result[ NAMX_MAXRSS+ 1];
   struct dsc$descriptor_d filespec_dsc;
   struct dsc$descriptor_d result_dsc;
 };
@@ -66,6 +62,16 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
   char *p, *r;
   size_t l;
   unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+        char *ctx_filespec_32p;
+# pragma pointer_size restore
+        char ctx_filespec_32[ NAMX_MAXRSS+ 1];
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 #ifdef NAML$C_MAXRSS
   flags |= LIB$M_FIL_LONG_NAMES;
 #endif
@@ -93,13 +99,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       filespeclen += 4;		/* "*.*;" */
 
-      if (filespeclen >
-#ifdef NAML$C_MAXRSS
-	  NAML$C_MAXRSS
-#else
-	  255
-#endif
-	  )
+      if (filespeclen > NAMX_MAXRSS)
 	{
 	  errno = ENAMETOOLONG;
 	  return 0;
@@ -115,14 +115,21 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 
       strcpy((*ctx)->filespec,directory);
       strcat((*ctx)->filespec,"*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy( ctx_filespec_32p, (*ctx)->filespec);
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
       (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
       (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
       (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
-      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
-      (*ctx)->result_dsc.dsc$w_length = 0;
-      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
-      (*ctx)->result_dsc.dsc$a_pointer = 0;
+      (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
     }
 
   (*ctx)->result_dsc.dsc$w_length = 0;
diff --git a/openssl/crypto/alphacpuid.pl b/openssl/crypto/alphacpuid.pl
index c9474ff49..4b3cbb982 100644
--- a/openssl/crypto/alphacpuid.pl
+++ b/openssl/crypto/alphacpuid.pl
@@ -99,19 +99,19 @@ OPENSSL_cleanse:
 	beq	$0,.Laligned
 
 .Little:
+	subq	$0,8,$0
 	ldq_u	$1,0($16)
 	mov	$16,$2
 .Lalign:
 	mskbl	$1,$16,$1
 	lda	$16,1($16)
 	subq	$17,1,$17
-	subq	$0,1,$0
+	addq	$0,1,$0
 	beq	$17,.Lout
 	bne	$0,.Lalign
 .Lout:	stq_u	$1,0($2)
 	beq	$17,.Ldone
 	bic	$17,7,$at
-	mov	$17,$0
 	beq	$at,.Little
 
 .Laligned:
@@ -120,9 +120,7 @@ OPENSSL_cleanse:
 	lda	$16,8($16)
 	bic	$17,7,$at
 	bne	$at,.Laligned
-	beq	$17,.Ldone
-	mov	$17,$0
-	br	.Little
+	bne	$17,.Little
 .Ldone: ret	($26)
 .end	OPENSSL_cleanse
 ___
diff --git a/openssl/crypto/asn1/a_object.c b/openssl/crypto/asn1/a_object.c
index e5fbe7cbb..3978c9150 100644
--- a/openssl/crypto/asn1/a_object.c
+++ b/openssl/crypto/asn1/a_object.c
@@ -139,7 +139,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
 				goto err;
 				}
-			if (!use_bn && l > (ULONG_MAX / 10L))
+			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
 				{
 				use_bn = 1;
 				if (!bl)
@@ -293,7 +293,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
 	/* Sanity check OID encoding: can't have leading 0x80 in
 	 * subidentifiers, see: X.690 8.19.2
 	 */
-	for (i = 0, p = *pp + 1; i < len - 1; i++, p++)
+	for (i = 0, p = *pp; i < len; i++, p++)
 		{
 		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
 			{
diff --git a/openssl/crypto/asn1/bio_ndef.c b/openssl/crypto/asn1/bio_ndef.c
index 370389b1e..b91f97a1b 100644
--- a/openssl/crypto/asn1/bio_ndef.c
+++ b/openssl/crypto/asn1/bio_ndef.c
@@ -57,9 +57,6 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 
-#ifndef OPENSSL_SYSNAME_NETWARE
-#include <memory.h>
-#endif
 #include <stdio.h>
 
 /* Experimental NDEF ASN1 BIO support routines */
diff --git a/openssl/crypto/asn1/x_name.c b/openssl/crypto/asn1/x_name.c
index caa4409fe..49be08b4d 100644
--- a/openssl/crypto/asn1/x_name.c
+++ b/openssl/crypto/asn1/x_name.c
@@ -214,7 +214,9 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
 	*val = nm.a;
 	*in = p;
 	return ret;
-	err:
+err:
+        if (nm.x != NULL)
+		X509_NAME_free(nm.x);
 	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
 	return 0;
 }
@@ -464,7 +466,8 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 			}
 		else
 			{
-			*to++ = tolower(*from++);
+			*to++ = tolower(*from);
+			from++;
 			i++;
 			}
 		}
diff --git a/openssl/crypto/bio/b_sock.c b/openssl/crypto/bio/b_sock.c
index 12b0a53a8..d47310d65 100644
--- a/openssl/crypto/bio/b_sock.c
+++ b/openssl/crypto/bio/b_sock.c
@@ -551,7 +551,30 @@ int BIO_socket_ioctl(int fd, long type, void *arg)
 #ifdef __DJGPP__
 	i=ioctlsocket(fd,type,(char *)arg);
 #else
-	i=ioctlsocket(fd,type,arg);
+# if defined(OPENSSL_SYS_VMS)
+	/* 2011-02-18 SMS.
+	 * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+	 * observe that all the consumers pass in an "unsigned long *",
+	 * so we arrange a local copy with a short pointer, and use
+	 * that, instead.
+	 */
+#  if __INITIAL_POINTER_SIZE == 64
+#   define ARG arg_32p
+#   pragma pointer_size save
+#   pragma pointer_size 32
+	unsigned long arg_32;
+	unsigned long *arg_32p;
+#   pragma pointer_size restore
+	arg_32p = &arg_32;
+	arg_32 = *((unsigned long *) arg);
+#  else /* __INITIAL_POINTER_SIZE == 64 */
+#   define ARG arg
+#  endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+# else /* defined(OPENSSL_SYS_VMS) */
+#  define ARG arg
+# endif /* defined(OPENSSL_SYS_VMS) [else] */
+
+	i=ioctlsocket(fd,type,ARG);
 #endif /* __DJGPP__ */
 	if (i < 0)
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
@@ -660,6 +683,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 	 * note that commonly IPv6 wildchard socket can service
 	 * IPv4 connections just as well...  */
 	memset(&hint,0,sizeof(hint));
+	hint.ai_flags = AI_PASSIVE;
 	if (h)
 		{
 		if (strchr(h,':'))
@@ -672,7 +696,10 @@ int BIO_get_accept_socket(char *host, int bind_mode)
 #endif
 			}
 	    	else if (h[0]=='*' && h[1]=='\0')
+			{
+			hint.ai_family = AF_INET;
 			h=NULL;
+			}
 		}
 
 	if ((*p_getaddrinfo.f)(h,p,&hint,&res)) break;
diff --git a/openssl/crypto/bio/bss_dgram.c b/openssl/crypto/bio/bss_dgram.c
index 07d012a46..71ebe987b 100644
--- a/openssl/crypto/bio/bss_dgram.c
+++ b/openssl/crypto/bio/bss_dgram.c
@@ -57,7 +57,6 @@
  *
  */
 
-#ifndef OPENSSL_NO_DGRAM
 
 #include <stdio.h>
 #include <errno.h>
@@ -65,6 +64,7 @@
 #include "cryptlib.h"
 
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_DGRAM
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
 #include <sys/timeb.h>
@@ -308,7 +308,6 @@ static int dgram_read(BIO *b, char *out, int outl)
 			OPENSSL_assert(sa.len.s<=sizeof(sa.peer));
 			sa.len.i = (int)sa.len.s;
 			}
-		dgram_reset_rcv_timeout(b);
 
 		if ( ! data->connected  && ret >= 0)
 			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer);
@@ -322,6 +321,8 @@ static int dgram_read(BIO *b, char *out, int outl)
 				data->_errno = get_last_socket_error();
 				}
 			}
+
+		dgram_reset_rcv_timeout(b);
 		}
 	return(ret);
 	}
@@ -745,9 +746,13 @@ static int BIO_dgram_should_retry(int i)
 		{
 		err=get_last_socket_error();
 
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-		if ((i == -1) && (err == 0))
-			return(1);
+#if defined(OPENSSL_SYS_WINDOWS)
+	/* If the socket return value (i) is -1
+	 * and err is unexpectedly 0 at this point,
+	 * the error code was overwritten by
+	 * another system call before this error
+	 * handling is called.
+	 */
 #endif
 
 		return(BIO_dgram_non_fatal_error(err));
@@ -810,7 +815,6 @@ int BIO_dgram_non_fatal_error(int err)
 		}
 	return(0);
 	}
-#endif
 
 static void get_current_time(struct timeval *t)
 	{
@@ -828,3 +832,5 @@ static void get_current_time(struct timeval *t)
 	gettimeofday(t, NULL);
 #endif
 	}
+
+#endif
diff --git a/openssl/crypto/bio/bss_log.c b/openssl/crypto/bio/bss_log.c
index 7ead044b3..b7dce5c1a 100644
--- a/openssl/crypto/bio/bss_log.c
+++ b/openssl/crypto/bio/bss_log.c
@@ -75,6 +75,15 @@
 #  include <descrip.h>
 #  include <lib$routines.h>
 #  include <starlet.h>
+/* Some compiler options may mask the declaration of "_malloc32". */
+#  if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#    if __INITIAL_POINTER_SIZE == 64
+#      pragma pointer_size save
+#      pragma pointer_size 32
+    void * _malloc32  (__size_t);
+#      pragma pointer_size restore
+#    endif /* __INITIAL_POINTER_SIZE == 64 */
+#  endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
 #elif defined(OPENSSL_SYS_NETWARE)
@@ -300,7 +309,24 @@ static void xopenlog(BIO* bp, char* name, int level)
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
 	struct dsc$descriptor_s opc_dsc;
+
+/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+# define OPCDEF_TYPE __char_ptr32
+# define OPCDEF_MALLOC _malloc32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define OPCDEF_TYPE char *
+# define OPCDEF_MALLOC OPENSSL_malloc
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 	struct opcdef *opcdef_p;
+
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 	char buf[10240];
 	unsigned int len;
         struct dsc$descriptor_s buf_dsc;
@@ -326,8 +352,8 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
 	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
 
-	/* we know there's an 8 byte header.  That's documented */
-	opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
+	/* We know there's an 8-byte header.  That's documented. */
+	opcdef_p = OPCDEF_MALLOC( 8+ len);
 	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
 	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
 	opcdef_p->opc$l_ms_rqstid = 0;
@@ -335,7 +361,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
 
 	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
 	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-	opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+	opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
 	opc_dsc.dsc$w_length = len + 8;
 
 	sys$sndopr(opc_dsc, 0);
diff --git a/openssl/crypto/bn/asm/alpha-mont.pl b/openssl/crypto/bn/asm/alpha-mont.pl
index c63458e94..03596e201 100644
--- a/openssl/crypto/bn/asm/alpha-mont.pl
+++ b/openssl/crypto/bn/asm/alpha-mont.pl
@@ -41,7 +41,7 @@ $j="s4";
 $m1="s5";
 
 $code=<<___;
-#indef __linux__
+#ifdef __linux__
 #include <asm/regdef.h>
 #else
 #include <asm.h>
diff --git a/openssl/crypto/bn/asm/s390x-mont.pl b/openssl/crypto/bn/asm/s390x-mont.pl
index d23251033..f61246f5b 100644
--- a/openssl/crypto/bn/asm/s390x-mont.pl
+++ b/openssl/crypto/bn/asm/s390x-mont.pl
@@ -69,8 +69,8 @@ bn_mul_mont:
 	cghi	$num,16		#
 	lghi	%r2,0		#
 	blr	%r14		# if($num<16) return 0;
-	cghi	$num,128	#
-	bhr	%r14		# if($num>128) return 0;
+	cghi	$num,96		#
+	bhr	%r14		# if($num>96) return 0;
 
 	stmg	%r3,%r15,24($sp)
 
diff --git a/openssl/crypto/bn/bn.h b/openssl/crypto/bn/bn.h
index e484b7fc1..a0bc47837 100644
--- a/openssl/crypto/bn/bn.h
+++ b/openssl/crypto/bn/bn.h
@@ -253,6 +253,24 @@ extern "C" {
 #define BN_HEX_FMT2	"%08X"
 #endif
 
+/* 2011-02-22 SMS.
+ * In various places, a size_t variable or a type cast to size_t was
+ * used to perform integer-only operations on pointers.  This failed on
+ * VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t is
+ * still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. 
+ * The only fix here is VMS-specific.
+ */
+#if defined(OPENSSL_SYS_VMS)
+# if __INITIAL_POINTER_SIZE == 64
+#  define PTR_SIZE_INT long long
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define PTR_SIZE_INT int
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+#else /* defined(OPENSSL_SYS_VMS) */
+# define PTR_SIZE_INT size_t
+#endif /* defined(OPENSSL_SYS_VMS) [else] */
+
 #define BN_DEFAULT_BITS	1280
 
 #define BN_FLG_MALLOCED		0x01
diff --git a/openssl/crypto/bn/bn_gf2m.c b/openssl/crypto/bn/bn_gf2m.c
index 527b0fa15..432a3aa33 100644
--- a/openssl/crypto/bn/bn_gf2m.c
+++ b/openssl/crypto/bn/bn_gf2m.c
@@ -545,6 +545,7 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 		{
 		while (!BN_is_odd(u))
 			{
+			if (BN_is_zero(u)) goto err;
 			if (!BN_rshift1(u, u)) goto err;
 			if (BN_is_odd(b))
 				{
diff --git a/openssl/crypto/bn/bn_mont.c b/openssl/crypto/bn/bn_mont.c
index 7224637ab..1a866880f 100644
--- a/openssl/crypto/bn/bn_mont.c
+++ b/openssl/crypto/bn/bn_mont.c
@@ -277,7 +277,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 	m1|=m2;			/* (al!=ri) */
 	m1|=(0-(size_t)v);	/* (al!=ri || v) */
 	m1&=~m2;		/* (al!=ri || v) && !al>ri */
-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
+	nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1));
 	}
 
 	/* 'i<ri' is chosen to eliminate dependency on input data, even
diff --git a/openssl/crypto/bn/bn_nist.c b/openssl/crypto/bn/bn_nist.c
index 2ca5b0139..c6de03269 100644
--- a/openssl/crypto/bn/bn_nist.c
+++ b/openssl/crypto/bn/bn_nist.c
@@ -354,7 +354,7 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_192_TOP],
 		 c_d[BN_NIST_192_TOP],
 		*res;
-	size_t   mask;
+	PTR_SIZE_INT mask;
 	static const BIGNUM _bignum_nist_p_192_sqr = {
 		(BN_ULONG *)_nist_p_192_sqr,
 		sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
@@ -405,9 +405,10 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
 	 * this is what happens below, but without explicit if:-) a.
 	 */
-	mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)
+	 (((PTR_SIZE_INT)c_d&~mask) | ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
 	r->top = BN_NIST_192_TOP;
 	bn_correct_top(r);
@@ -438,8 +439,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_224_TOP],
 		 c_d[BN_NIST_224_TOP],
 		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_224_sqr = {
 		(BN_ULONG *)_nist_p_224_sqr,
 		sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
@@ -510,16 +511,18 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 		 * to be compared to the modulus and conditionally
 		 * adjusted by *subtracting* the latter. */
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
 	/* otherwise it's effectively same as in BN_nist_mod_192... */
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_224_TOP);
 	r->top = BN_NIST_224_TOP;
 	bn_correct_top(r);
@@ -549,8 +552,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_256_TOP],
 		 c_d[BN_NIST_256_TOP],
 		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_256_sqr = {
 		(BN_ULONG *)_nist_p_256_sqr,
 		sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
@@ -629,15 +632,17 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else if (carry < 0)
 		{
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_256_TOP);
 	r->top = BN_NIST_256_TOP;
 	bn_correct_top(r);
@@ -671,8 +676,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	         buf[BN_NIST_384_TOP],
 		 c_d[BN_NIST_384_TOP],
 		*res;
-	size_t	 mask;
-	union { bn_addsub_f f; size_t p; } u;
+	PTR_SIZE_INT mask;
+	union { bn_addsub_f f; PTR_SIZE_INT p; } u;
 	static const BIGNUM _bignum_nist_p_384_sqr = {
 		(BN_ULONG *)_nist_p_384_sqr,
 		sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
@@ -754,15 +759,17 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	else if (carry < 0)
 		{
 		carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
+		mask = 0-(PTR_SIZE_INT)carry;
+		u.p = ((PTR_SIZE_INT)bn_sub_words&mask) |
+		 ((PTR_SIZE_INT)bn_add_words&~mask);
 		}
 	else
 		carry = 1;
 
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
+	mask  = 0-(PTR_SIZE_INT)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
+	mask &= 0-(PTR_SIZE_INT)carry;
+	res   = (BN_ULONG *)(((PTR_SIZE_INT)c_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
 	r->top = BN_NIST_384_TOP;
 	bn_correct_top(r);
@@ -781,7 +788,7 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	BN_ULONG *r_d, *a_d = a->d,
 		 t_d[BN_NIST_521_TOP],
 		 val,tmp,*res;
-	size_t	mask;
+	PTR_SIZE_INT mask;
 	static const BIGNUM _bignum_nist_p_521_sqr = {
 		(BN_ULONG *)_nist_p_521_sqr,
 		sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
@@ -826,8 +833,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 	r_d[i] &= BN_NIST_521_TOP_MASK;
 
 	bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
-	mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-	res  = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
+	mask = 0-(PTR_SIZE_INT)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
+	res  = (BN_ULONG *)(((PTR_SIZE_INT)t_d&~mask) |
+	 ((PTR_SIZE_INT)r_d&mask));
 	nist_cp_bn(r_d,res,BN_NIST_521_TOP);
 	r->top = BN_NIST_521_TOP;
 	bn_correct_top(r);
diff --git a/openssl/crypto/conf/conf_api.c b/openssl/crypto/conf/conf_api.c
index 0c1ee2b73..f5fcbb9f6 100644
--- a/openssl/crypto/conf/conf_api.c
+++ b/openssl/crypto/conf/conf_api.c
@@ -64,6 +64,7 @@
 #endif
 
 #include <assert.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/conf.h>
 #include <openssl/conf_api.h>
diff --git a/openssl/crypto/cryptlib.c b/openssl/crypto/cryptlib.c
index 14bae0d08..24fe123e1 100644
--- a/openssl/crypto/cryptlib.c
+++ b/openssl/crypto/cryptlib.c
@@ -731,7 +731,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
 	case DLL_THREAD_ATTACH:
 		break;
 	case DLL_THREAD_DETACH:
-		ERR_remove_state(0);
 		break;
 	case DLL_PROCESS_DETACH:
 		break;
diff --git a/openssl/crypto/crypto-lib.com b/openssl/crypto/crypto-lib.com
index 6719c8aed..a29c0afd9 100644
--- a/openssl/crypto/crypto-lib.com
+++ b/openssl/crypto/crypto-lib.com
@@ -47,18 +47,33 @@ $!  P6, if defined, sets a choice of crypto methods to compile.
 $!  WARNING: this should only be done to recompile some part of an already
 $!  fully compiled library.
 $!
-$!  For 64 bit architectures (Alpha and IA64), specify the pointer size as P7.
-$!  For 32 bit architectures (VAX), P7 is ignored.
-$!  Currently supported values are:
+$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
 $!
-$!	32	To ge a library compiled with /POINTER_SIZE=32
-$!	64	To ge a library compiled with /POINTER_SIZE=64
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
 $!
+$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
 $!
 $! Define A TCP/IP Library That We Will Need To Link To.
 $! (That Is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check Which Architecture We Are Using.
 $!
@@ -82,6 +97,11 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
 $! Define The Different Encryption Types.
 $! NOTE: Some might think this list ugly.  However, it's made this way to
 $! reflect the SDIRS variable in [-]Makefile.org as closely as possible,
@@ -98,17 +118,29 @@ $ ENCRYPT_TYPES = "Basic,"+ -
 		  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
 		  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
 		  "STORE,CMS,PQUEUE,TS,JPAKE"
-$! Define The OBJ Directory.
 $!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$! Check To Make Sure We Have Valid Command Line Parameters.
 $!
-$! Define The EXE Directory.
+$ GOSUB CHECK_OPTIONS
 $!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
+$! Define The OBJ and EXE Directories.
 $!
-$! Check To Make Sure We Have Valid Command Line Parameters.
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.CRYPTO]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]
 $!
-$ GOSUB CHECK_OPTIONS
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
 $!
 $! Initialise logical names and such
 $!
@@ -116,7 +148,7 @@ $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
 $!
 $!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
@@ -147,11 +179,11 @@ $ ENDIF
 $!
 $! Define The Library Name.
 $!
-$ LIB_NAME := 'EXE_DIR'LIBCRYPTO'LIB32'.OLB
+$ LIB_NAME := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
 $!
 $! Define The CRYPTO-LIB We Are To Use.
 $!
-$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO'LIB32'.OLB
+$ CRYPTO_LIB := 'EXE_DIR'SSL_LIBCRYPTO'LIB32'.OLB
 $!
 $! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
 $!
@@ -200,7 +232,7 @@ $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
 $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
 	"cmll_cfb,cmll_ctr"
 $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cfb128,ofb128,cts128"
+$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
      LIB_BN_ASM = "bn_asm"
@@ -308,15 +340,23 @@ $ LIB_JPAKE = "jpake,jpake_err"
 $!
 $! Setup exceptional compilations
 $!
-$ ! Add definitions for no threads on OpenVMS 7.1 and higher
+$ CC3_SHOWN = 0
+$ CC4_SHOWN = 0
+$ CC5_SHOWN = 0
+$ CC6_SHOWN = 0
+$!
+$! The following lists must have leading and trailing commas, and no
+$! embedded spaces.  (They are scanned for ",name,".)
+$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher.
 $ COMPILEWITH_CC3 = ",bss_rtcp,"
-$ ! Disable the DOLLARID warning
-$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,o_dir"
-$ ! Disable disjoint optimization
+$ ! Disable the DOLLARID warning.  Not needed with /STANDARD=RELAXED.
+$ COMPILEWITH_CC4 = "" !!! ",a_utctm,bss_log,o_time,o_dir,"
+$ ! Disable disjoint optimization on VAX with DECC.
 $ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
                     "seed,sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
-$ ! Disable the MIXLINKAGE warning
-$ COMPILEWITH_CC6 = ",enc_read,set_key,"
+$ ! Disable the MIXLINKAGE warning.
+$ COMPILEWITH_CC6 = "" !!! ",enc_read,set_key,"
 $!
 $! Figure Out What Other Modules We Are To Build.
 $!
@@ -522,31 +562,60 @@ $   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,"
 $ ENDIF
 $ IF (MODULE_NAME.NES."")
 $ THEN 
-$   WRITE SYS$OUTPUT "	",FILE_NAME,""
+$   WRITE SYS$OUTPUT "        ",FILE_NAME,""
 $ ENDIF
 $!
 $! Compile The File.
 $!
 $ ON ERROR THEN GOTO NEXT_FILE
-$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME)
+$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
 $ IF FILE_NAME - ".mar" .NES. FILE_NAME
 $ THEN
 $   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $ ELSE
 $   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
 $   THEN
+$     write sys$output "        \Using special rule (3)"
+$     if (.not. CC3_SHOWN)
+$     then
+$       CC3_SHOWN = 1
+$       x = "    "+ CC3
+$       write /symbol sys$output x
+$     endif
 $     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $   ELSE
 $     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
 $     THEN
+$       write /symbol sys$output "        \Using special rule (4)"
+$       if (.not. CC4_SHOWN)
+$       then
+$         CC4_SHOWN = 1
+$         x = "    "+ CC4
+$         write /symbol sys$output x
+$       endif
 $       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $     ELSE
-$       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
+$       IF CC5_DIFFERENT .AND. -
+         (COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5)
 $       THEN
+$         write sys$output "        \Using special rule (5)"
+$         if (.not. CC5_SHOWN)
+$         then
+$           CC5_SHOWN = 1
+$           x = "    "+ CC5
+$           write /symbol sys$output x
+$         endif
 $         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $       ELSE
 $         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
 $         THEN
+$           write sys$output "        \Using special rule (6)"
+$           if (.not. CC6_SHOWN)
+$           then
+$             CC6_SHOWN = 1
+$             x = "    "+ CC6
+$             write /symbol sys$output x
+$           endif
 $           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
 $         ELSE
 $           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
@@ -593,38 +662,22 @@ $!   SHOW SYMBOL APPLICATION*
 $!
 $! Tell the user what happens
 $!
-$   WRITE SYS$OUTPUT "	",APPLICATION,".exe"
+$   WRITE SYS$OUTPUT "        ",APPLICATION,".exe"
 $!
 $! Link The Program.
 $!
 $   ON ERROR THEN GOTO NEXT_APPLICATION
 $!
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
-$!
-$   IF (TCPIP_LIB.NES."")
-$   THEN
+$!  Link With A TCP/IP Library.
 $!
-$!    Link With A TCP/IP Library.
+$   LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' -
+     /EXE='EXE_DIR''APPLICATION'.EXE -
+     'OBJ_DIR''APPLICATION_OBJECTS', -
+     'CRYPTO_LIB'/LIBRARY -
+     'TCPIP_LIB' -
+     'ZLIB_LIB' -
+     ,'OPT_FILE' /OPTIONS
 $!
-$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
-          'OBJ_DIR''APPLICATION_OBJECTS', -
-	  'CRYPTO_LIB'/LIBRARY, -
-          'TCPIP_LIB','OPT_FILE'/OPTION
-$!
-$! Else...
-$!
-$   ELSE
-$!
-$!    Don't Link With A TCP/IP Library.
-$!
-$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
-          'OBJ_DIR''APPLICATION_OBJECTS',-
-	  'CRYPTO_LIB'/LIBRARY, -
-          'OPT_FILE'/OPTION
-$!
-$! End The TCP/IP Library Check.
-$!
-$   ENDIF
 $   GOTO NEXT_APPLICATION
 $  APPLICATION_DONE:
 $ ENDIF
@@ -663,7 +716,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -692,7 +745,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -727,7 +780,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -742,7 +795,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -763,7 +816,7 @@ $ ENDIF
 $!
 $!  Tell The User What Linker Option File We Are Using.
 $!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
 $!
 $! Time To RETURN.
 $!
@@ -810,8 +863,8 @@ $     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.E
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -832,15 +885,16 @@ $!
 $ IF (P2.EQS."NODEBUG")
 $ THEN
 $!
-$!   P2 Is NODEBUG, So Compile Without The Debugger Information.
+$!  P2 Is NODEBUG, So Compile Without The Debugger Information.
 $!
-$    DEBUGGER = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    MACRO_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   MACRO_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $ ELSE
 $!
 $!  Check To See If We Are To Compile With Debugger Information.
@@ -851,6 +905,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -859,7 +914,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE 
 $!
-$!    They Entered An Invalid Option..
+$!    They Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
@@ -914,58 +969,60 @@ $! End The P5 Check.
 $!
 $ ENDIF
 $!
-$! Check To See If P7 Is Blank.
+$! Check P7 (POINTER_SIZE).
 $!
-$ IF (P7.EQS."")
+$ IF (P7 .NES. "") .AND. (ARCH .NES. "VAX")
 $ THEN
-$   POINTER_SIZE = ""
-$ ELSE
-$!
-$!  Check is P7 Is Valid
 $!
-$   IF (P7.EQS."32")
+$   IF (P7 .EQS. "32")
 $   THEN
-$     POINTER_SIZE = "/POINTER_SIZE=32"
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$       LIB32 = ""
-$     ELSE
-$       LIB32 = "32"
-$     ENDIF
+$     POINTER_SIZE = " /POINTER_SIZE=32"
 $   ELSE
-$     IF (P7.EQS."64")
+$     POINTER_SIZE = F$EDIT( P7, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
 $     THEN
+$       ARCHD = ARCH+ "_64"
 $       LIB32 = ""
-$       IF ARCH .EQS. "VAX"
-$       THEN
-$         POINTER_SIZE = "/POINTER_SIZE=32"
-$       ELSE
-$         POINTER_SIZE = "/POINTER_SIZE=64"
-$       ENDIF
+$       POINTER_SIZE = " /POINTER_SIZE=64"
 $     ELSE
 $!
-$!      Tell The User Entered An Invalid Option..
+$!      Tell The User Entered An Invalid Option.
 $!
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ",P7," Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT "The Option ", P7, -
+         " Is Invalid.  The Valid Options Are:"
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "    32  :  Compile with 32 bit pointer size"
-$       WRITE SYS$OUTPUT "    64  :  Compile with 64 bit pointer size"
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
 $       WRITE SYS$OUTPUT ""
-$!
+$! 
 $!      Time To EXIT.
 $!
-$       GOTO TIDY
-$!
-$!      End The Valid Arguement Check.
+$       EXIT
 $!
 $     ENDIF
+$!
 $   ENDIF
 $!
-$! End The P7 Check.
+$! End The P7 (POINTER_SIZE) Check.
 $!
 $ ENDIF
 $!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ -
+   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1]"
+$!
 $! Check To See If P3 Is Blank.
 $!
 $ IF (P3.EQS."")
@@ -1066,11 +1123,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P8
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
 $ THEN
@@ -1093,14 +1203,14 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
-	   CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES')"+ -
+       CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -1129,7 +1239,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+       "/INCLUDE=(''CC_INCLUDES')"+ -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -1139,7 +1249,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -1161,12 +1271,12 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[._''ARCH'],SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1])" + -
+       "/INCLUDE=(''CC_INCLUDES')"+ -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -1187,22 +1297,24 @@ $       CC6DISABLEWARNINGS = "MIXLINKAGE"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
 $       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$     CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
+$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC6DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
 $     CC6DISABLEWARNINGS = ""
 $   ENDIF
-$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
 $   THEN
-$     CC5 = CC + "/OPTIMIZE=NODISJOINT"
+$     CC5 = CC + " /OPTIMIZE=NODISJOINT"
+$     CC5_DIFFERENT = 1
 $   ELSE
-$     CC5 = CC + "/NOOPTIMIZE"
+$     CC5 = CC
+$     CC5_DIFFERENT = 0
 $   ENDIF
 $   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
 $   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
@@ -1255,7 +1367,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -1281,13 +1393,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -1301,7 +1413,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -1322,7 +1434,7 @@ $   ENDIF
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!
diff --git a/openssl/crypto/dsa/dsa_pmeth.c b/openssl/crypto/dsa/dsa_pmeth.c
index 4ce91e20c..e2df54fec 100644
--- a/openssl/crypto/dsa/dsa_pmeth.c
+++ b/openssl/crypto/dsa/dsa_pmeth.c
@@ -187,6 +187,7 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 		case EVP_PKEY_CTRL_MD:
 		if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1   &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
+		    EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA    &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
 		    EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
 			{
diff --git a/openssl/crypto/dso/dso_dlfcn.c b/openssl/crypto/dso/dso_dlfcn.c
index 14bd322fb..c2bc61760 100644
--- a/openssl/crypto/dso/dso_dlfcn.c
+++ b/openssl/crypto/dso/dso_dlfcn.c
@@ -85,6 +85,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # define HAVE_DLINFO 1
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
+     (defined(__osf__) && !defined(RTLD_NEXT))     || \
      (defined(__OpenBSD__) && !defined(RTLD_SELF))
 #  undef HAVE_DLINFO
 # endif
diff --git a/openssl/crypto/dso/dso_vms.c b/openssl/crypto/dso/dso_vms.c
index 321512772..eee20d14f 100644
--- a/openssl/crypto/dso/dso_vms.c
+++ b/openssl/crypto/dso/dso_vms.c
@@ -68,8 +68,20 @@
 #include <stsdef.h>
 #include <descrip.h>
 #include <starlet.h>
+#include "vms_rms.h"
 #endif
 
+/* Some compiler options may mask the declaration of "_malloc32". */
+#if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    void * _malloc32  (__size_t);
+#  pragma pointer_size restore
+# endif /* __INITIAL_POINTER_SIZE == 64 */
+#endif /* __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE */
+
+
 #ifndef OPENSSL_SYS_VMS
 DSO_METHOD *DSO_METHOD_vms(void)
 	{
@@ -121,14 +133,13 @@ typedef struct dso_internal_st
 	/* This should contain the name only, no directory,
 	 * no extension, nothing but a name. */
 	struct dsc$descriptor_s filename_dsc;
-	char filename[FILENAME_MAX+1];
+	char filename[ NAMX_MAXRSS+ 1];
 	/* This contains whatever is not in filename, if needed.
 	 * Normally not defined. */
 	struct dsc$descriptor_s imagename_dsc;
-	char imagename[FILENAME_MAX+1];
+	char imagename[ NAMX_MAXRSS+ 1];
 	} DSO_VMS_INTERNAL;
 
-
 DSO_METHOD *DSO_METHOD_vms(void)
 	{
 	return(&dso_meth_vms);
@@ -139,7 +150,22 @@ static int vms_load(DSO *dso)
 	void *ptr = NULL;
 	/* See applicable comments in dso_dl.c */
 	char *filename = DSO_convert_filename(dso, NULL);
-	DSO_VMS_INTERNAL *p;
+
+/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
+#if __INITIAL_POINTER_SIZE == 64
+# define DSO_MALLOC _malloc32
+# pragma pointer_size save
+# pragma pointer_size 32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define DSO_MALLOC OPENSSL_malloc
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+	DSO_VMS_INTERNAL *p = NULL;
+
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size restore
+#endif /* __INITIAL_POINTER_SIZE == 64 */
+
 	const char *sp1, *sp2;	/* Search result */
 
 	if(filename == NULL)
@@ -192,7 +218,7 @@ static int vms_load(DSO *dso)
 		goto err;
 		}
 
-	p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
+	p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL));
 	if(p == NULL)
 		{
 		DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
@@ -290,18 +316,38 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym)
 	int flags = 0;
 #endif
 	struct dsc$descriptor_s symname_dsc;
-	*sym = NULL;
 
-	symname_dsc.dsc$w_length = strlen(symname);
-	symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	symname_dsc.dsc$b_class = DSC$K_CLASS_S;
-	symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define SYMNAME symname_32p
+# pragma pointer_size save
+# pragma pointer_size 32
+	char *symname_32p;
+# pragma pointer_size restore
+	char symname_32[ NAMX_MAXRSS+ 1];
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define SYMNAME ((char *) symname)
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+	*sym = NULL;
 
 	if((dso == NULL) || (symname == NULL))
 		{
 		DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);
 		return;
 		}
+
+#if __INITIAL_POINTER_SIZE == 64
+	/* Copy the symbol name to storage with a 32-bit pointer. */
+	symname_32p = symname_32;
+	strcpy( symname_32p, symname);
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+	symname_dsc.dsc$w_length = strlen(SYMNAME);
+	symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+	symname_dsc.dsc$a_pointer = SYMNAME;
+
 	if(sk_void_num(dso->meth_data) < 1)
 		{
 		DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);
@@ -372,64 +418,60 @@ static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
 	return sym;
 	}
 
+
 static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
 	{
 	int status;
 	int filespec1len, filespec2len;
 	struct FAB fab;
-#ifdef NAML$C_MAXRSS
-	struct NAML nam;
-	char esa[NAML$C_MAXRSS];
-#else
-	struct NAM nam;
-	char esa[NAM$C_MAXRSS];
-#endif
+	struct NAMX_STRUCT nam;
+	char esa[ NAMX_MAXRSS+ 1];
 	char *merged;
 
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define FILESPEC1 filespec1_32p;
+# define FILESPEC2 filespec2_32p;
+# pragma pointer_size save
+# pragma pointer_size 32
+	char *filespec1_32p;
+	char *filespec2_32p;
+# pragma pointer_size restore
+	char filespec1_32[ NAMX_MAXRSS+ 1];
+	char filespec2_32[ NAMX_MAXRSS+ 1];
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define FILESPEC1 ((char *) filespec1)
+# define FILESPEC2 ((char *) filespec2)
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 	if (!filespec1) filespec1 = "";
 	if (!filespec2) filespec2 = "";
 	filespec1len = strlen(filespec1);
 	filespec2len = strlen(filespec2);
 
+#if __INITIAL_POINTER_SIZE == 64
+	/* Copy the file names to storage with a 32-bit pointer. */
+	filespec1_32p = filespec1_32;
+	filespec2_32p = filespec2_32;
+	strcpy( filespec1_32p, filespec1);
+	strcpy( filespec2_32p, filespec2);
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 	fab = cc$rms_fab;
-#ifdef NAML$C_MAXRSS
-	nam = cc$rms_naml;
-#else
-	nam = cc$rms_nam;
-#endif
+	nam = CC_RMS_NAMX;
 
-	fab.fab$l_fna = (char *)filespec1;
-	fab.fab$b_fns = filespec1len;
-	fab.fab$l_dna = (char *)filespec2;
-	fab.fab$b_dns = filespec2len;
-#ifdef NAML$C_MAXRSS
-	if (filespec1len > NAM$C_MAXRSS)
-		{
-		fab.fab$l_fna = 0;
-		fab.fab$b_fns = 0;
-		nam.naml$l_long_filename = (char *)filespec1;
-		nam.naml$l_long_filename_size = filespec1len;
-		}
-	if (filespec2len > NAM$C_MAXRSS)
-		{
-		fab.fab$l_dna = 0;
-		fab.fab$b_dns = 0;
-		nam.naml$l_long_defname = (char *)filespec2;
-		nam.naml$l_long_defname_size = filespec2len;
-		}
-	nam.naml$l_esa = esa;
-	nam.naml$b_ess = NAM$C_MAXRSS;
-	nam.naml$l_long_expand = esa;
-	nam.naml$l_long_expand_alloc = sizeof(esa);
-	nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
-	nam.naml$v_no_short_upcase = 1;
-	fab.fab$l_naml = &nam;
-#else
-	nam.nam$l_esa = esa;
-	nam.nam$b_ess = NAM$C_MAXRSS;
-	nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
-	fab.fab$l_nam = &nam;
-#endif
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_FNS = filespec1len;
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
+	FAB_OR_NAML( fab, nam).FAB_OR_NAML_DNS = filespec2len;
+	NAMX_DNA_FNA_SET( fab)
+
+	nam.NAMX_ESA = esa;
+	nam.NAMX_ESS = NAMX_MAXRSS;
+	nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
+	SET_NAMX_NO_SHORT_UPCASE( nam);
+
+	fab.FAB_NAMX = &nam;
 
 	status = sys$parse(&fab, 0, 0);
 
@@ -460,33 +502,12 @@ static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
 			}
 		return(NULL);
 		}
-#ifdef NAML$C_MAXRSS
-	if (nam.naml$l_long_expand_size)
-		{
-		merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);
-		if(!merged)
-			goto malloc_err;
-		strncpy(merged, nam.naml$l_long_expand,
-			nam.naml$l_long_expand_size);
-		merged[nam.naml$l_long_expand_size] = '\0';
-		}
-	else
-		{
-		merged = OPENSSL_malloc(nam.naml$b_esl + 1);
-		if(!merged)
-			goto malloc_err;
-		strncpy(merged, nam.naml$l_esa,
-			nam.naml$b_esl);
-		merged[nam.naml$b_esl] = '\0';
-		}
-#else
-	merged = OPENSSL_malloc(nam.nam$b_esl + 1);
+
+	merged = OPENSSL_malloc( nam.NAMX_ESL+ 1);
 	if(!merged)
 		goto malloc_err;
-	strncpy(merged, nam.nam$l_esa,
-		nam.nam$b_esl);
-	merged[nam.nam$b_esl] = '\0';
-#endif
+	strncpy( merged, nam.NAMX_ESA, nam.NAMX_ESL);
+	merged[ nam.NAMX_ESL] = '\0';
 	return(merged);
  malloc_err:
 	DSOerr(DSO_F_VMS_MERGER,
diff --git a/openssl/crypto/ecdsa/ecdsatest.c b/openssl/crypto/ecdsa/ecdsatest.c
index aa4e1481a..26a4a9ee7 100644
--- a/openssl/crypto/ecdsa/ecdsatest.c
+++ b/openssl/crypto/ecdsa/ecdsatest.c
@@ -168,10 +168,9 @@ int fbytes(unsigned char *buf, int num)
 		return 0;
 		}
 	fbytes_counter ++;
-	ret = BN_bn2bin(tmp, buf);	
-	if (ret == 0 || ret != num)
+	if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
 		ret = 0;
-	else
+	else 
 		ret = 1;
 	if (tmp)
 		BN_free(tmp);
diff --git a/openssl/crypto/ecdsa/ecs_ossl.c b/openssl/crypto/ecdsa/ecs_ossl.c
index 551cf5068..1bbf328de 100644
--- a/openssl/crypto/ecdsa/ecs_ossl.c
+++ b/openssl/crypto/ecdsa/ecs_ossl.c
@@ -144,6 +144,14 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
 			}
 		while (BN_is_zero(k));
 
+		/* We do not want timing information to leak the length of k,
+		 * so we compute G*k using an equivalent scalar of fixed
+		 * bit-length. */
+
+		if (!BN_add(k, k, order)) goto err;
+		if (BN_num_bits(k) <= BN_num_bits(order))
+			if (!BN_add(k, k, order)) goto err;
+
 		/* compute r the x-coordinate of generator * k */
 		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
 		{
diff --git a/openssl/crypto/evp/evp_test.c b/openssl/crypto/evp/evp_test.c
index 902efac97..55c7cdfdc 100644
--- a/openssl/crypto/evp/evp_test.c
+++ b/openssl/crypto/evp/evp_test.c
@@ -435,6 +435,7 @@ int main(int argc,char **argv)
 	    EXIT(3);
 	    }
 	}
+	fclose(f);
 
 #ifndef OPENSSL_NO_ENGINE
     ENGINE_cleanup();
diff --git a/openssl/crypto/hmac/hm_pmeth.c b/openssl/crypto/hmac/hm_pmeth.c
index 985921ca1..71e8567a1 100644
--- a/openssl/crypto/hmac/hm_pmeth.c
+++ b/openssl/crypto/hmac/hm_pmeth.c
@@ -147,6 +147,8 @@ static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
 
 static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
 	{
+	HMAC_PKEY_CTX *hctx = ctx->data;
+	HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
 	EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
 	mctx->update = int_update;
 	return 1;
diff --git a/openssl/crypto/install-crypto.com b/openssl/crypto/install-crypto.com
new file mode 100644
index 000000000..85b3d583c
--- /dev/null
+++ b/openssl/crypto/install-crypto.com
@@ -0,0 +1,196 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
+$!
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if (p1 .eqs. "")
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$     exit
+$ endif
+$!
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$ lib32 = "32"
+$ shr = "_SHR32"
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$     lib32 = ""
+$     shr = "_SHR"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse( root, , , "device", "syntax_only")
+$ root_dir = f$parse( root, , , "directory", "syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse("wrk_sslxlib:") .eqs. "" then -
+   create /directory /log wrk_sslxlib:
+$!
+$ sdirs := , -
+   'archd', -
+   objects, -
+   md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
+   des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, -
+   bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
+   buffer, bio, stack, lhash, rand, err, -
+   evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
+   ui, krb5, -
+   store, cms, pqueue, ts, jpake
+$!
+$ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
+$ exheader_'archd' := opensslconf.h
+$ exheader_objects := objects.h, obj_mac.h
+$ exheader_md2 := md2.h
+$ exheader_md4 := md4.h
+$ exheader_md5 := md5.h
+$ exheader_sha := sha.h
+$ exheader_mdc2 := mdc2.h
+$ exheader_hmac := hmac.h
+$ exheader_ripemd := ripemd.h
+$ exheader_whrlpool := whrlpool.h
+$ exheader_des := des.h, des_old.h
+$ exheader_aes := aes.h
+$ exheader_rc2 := rc2.h
+$ exheader_rc4 := rc4.h
+$ exheader_rc5 := rc5.h
+$ exheader_idea := idea.h
+$ exheader_bf := blowfish.h
+$ exheader_cast := cast.h
+$ exheader_camellia := camellia.h
+$ exheader_seed := seed.h
+$ exheader_modes := modes.h
+$ exheader_bn := bn.h
+$ exheader_ec := ec.h
+$ exheader_rsa := rsa.h
+$ exheader_dsa := dsa.h
+$ exheader_ecdsa := ecdsa.h
+$ exheader_dh := dh.h
+$ exheader_ecdh := ecdh.h
+$ exheader_dso := dso.h
+$ exheader_engine := engine.h
+$ exheader_buffer := buffer.h
+$ exheader_bio := bio.h
+$ exheader_stack := stack.h, safestack.h
+$ exheader_lhash := lhash.h
+$ exheader_rand := rand.h
+$ exheader_err := err.h
+$ exheader_evp := evp.h
+$ exheader_asn1 := asn1.h, asn1_mac.h, asn1t.h
+$ exheader_pem := pem.h, pem2.h
+$ exheader_x509 := x509.h, x509_vfy.h
+$ exheader_x509v3 := x509v3.h
+$ exheader_conf := conf.h, conf_api.h
+$ exheader_txt_db := txt_db.h
+$ exheader_pkcs7 := pkcs7.h
+$ exheader_pkcs12 := pkcs12.h
+$ exheader_comp := comp.h
+$ exheader_ocsp := ocsp.h
+$ exheader_ui := ui.h, ui_compat.h
+$ exheader_krb5 := krb5_asn.h
+$! exheader_store := store.h, str_compat.h
+$ exheader_store := store.h
+$ exheader_cms := cms.h
+$ exheader_pqueue := pqueue.h
+$ exheader_ts := ts.h
+$ exheader_jpake := jpake.h
+$ libs := ssl_libcrypto
+$!
+$ exe_dir := [-.'archd'.exe.crypto]
+$!
+$! Header files.
+$!
+$ i = 0
+$ loop_sdirs: 
+$   d = f$edit( f$element( i, ",", sdirs), "trim")
+$   i = i + 1
+$   if d .eqs. "," then goto loop_sdirs_end
+$   tmp = exheader_'d'
+$   if (d .nes. "") then d = "."+ d
+$   copy /protection = w:re ['d']'tmp' wrk_sslinclude: /log
+$ goto loop_sdirs
+$ loop_sdirs_end:
+$!
+$! Object libraries, shareable images.
+$!
+$ i = 0
+$ loop_lib: 
+$   e = f$edit( f$element( i, ",", libs), "trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_lib_end
+$   set noon
+$   file = exe_dir+ e+ lib32+ ".olb"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$!
+$   file = exe_dir+ e+ shr+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$   set on
+$ goto loop_lib
+$ loop_lib_end:
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslinclude
+$ call deass wrk_sslxlib
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!
diff --git a/openssl/crypto/install.com b/openssl/crypto/install.com
deleted file mode 100644
index 8bc1e180e..000000000
--- a/openssl/crypto/install.com
+++ /dev/null
@@ -1,150 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! Changes by Zoltan Arpadffy <zoli@polarhome.com>
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "It should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:['ARCH'_LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLLIB:
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$
-$	SDIRS := ,-
-		 _'ARCH',-
-		 OBJECTS,-
-		 MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-		 DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,-
-		 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
-		 BUFFER,BIO,STACK,LHASH,RAND,ERR,-
-		 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
-		 UI,KRB5,-
-		 STORE,CMS,PQUEUE,TS,JPAKE
-$	EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-$	EXHEADER__'ARCH' := opensslconf.h
-$	EXHEADER_OBJECTS := objects.h,obj_mac.h
-$	EXHEADER_MD2 := md2.h
-$	EXHEADER_MD4 := md4.h
-$	EXHEADER_MD5 := md5.h
-$	EXHEADER_SHA := sha.h
-$	EXHEADER_MDC2 := mdc2.h
-$	EXHEADER_HMAC := hmac.h
-$	EXHEADER_RIPEMD := ripemd.h
-$	EXHEADER_WHRLPOOL := whrlpool.h
-$	EXHEADER_DES := des.h,des_old.h
-$	EXHEADER_AES := aes.h
-$	EXHEADER_RC2 := rc2.h
-$	EXHEADER_RC4 := rc4.h
-$	EXHEADER_RC5 := rc5.h
-$	EXHEADER_IDEA := idea.h
-$	EXHEADER_BF := blowfish.h
-$	EXHEADER_CAST := cast.h
-$	EXHEADER_CAMELLIA := camellia.h
-$	EXHEADER_SEED := seed.h
-$	EXHEADER_MODES := modes.h
-$	EXHEADER_BN := bn.h
-$	EXHEADER_EC := ec.h
-$	EXHEADER_RSA := rsa.h
-$	EXHEADER_DSA := dsa.h
-$	EXHEADER_ECDSA := ecdsa.h
-$	EXHEADER_DH := dh.h
-$	EXHEADER_ECDH := ecdh.h
-$	EXHEADER_DSO := dso.h
-$	EXHEADER_ENGINE := engine.h
-$	EXHEADER_BUFFER := buffer.h
-$	EXHEADER_BIO := bio.h
-$	EXHEADER_STACK := stack.h,safestack.h
-$	EXHEADER_LHASH := lhash.h
-$	EXHEADER_RAND := rand.h
-$	EXHEADER_ERR := err.h
-$	EXHEADER_EVP := evp.h
-$	EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
-$	EXHEADER_PEM := pem.h,pem2.h
-$	EXHEADER_X509 := x509.h,x509_vfy.h
-$	EXHEADER_X509V3 := x509v3.h
-$	EXHEADER_CONF := conf.h,conf_api.h
-$	EXHEADER_TXT_DB := txt_db.h
-$	EXHEADER_PKCS7 := pkcs7.h
-$	EXHEADER_PKCS12 := pkcs12.h
-$	EXHEADER_COMP := comp.h
-$	EXHEADER_OCSP := ocsp.h
-$	EXHEADER_UI := ui.h,ui_compat.h
-$	EXHEADER_KRB5 := krb5_asn.h
-$!	EXHEADER_STORE := store.h,str_compat.h
-$	EXHEADER_STORE := store.h
-$	EXHEADER_CMS := cms.h
-$	EXHEADER_PQUEUE := pqueue.h
-$	EXHEADER_TS := ts.h
-$	EXHEADER_JPAKE := jpake.h
-$	LIBS := LIBCRYPTO,LIBCRYPTO32
-$
-$	EXE_DIR := [-.'ARCH'.EXE.CRYPTO]
-$
-$	I = 0
-$ LOOP_SDIRS: 
-$	D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
-$	I = I + 1
-$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$	tmp = EXHEADER_'D'
-$	IF D .EQS. ""
-$	THEN
-$	  COPY 'tmp' WRK_SSLINCLUDE: /LOG
-$	ELSE
-$	  COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
-$	ENDIF
-$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
-$	GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
-$
-$	I = 0
-$ LOOP_LIB: 
-$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$	SET NOON
-$	IF F$SEARCH(EXE_DIR+E+".OLB") .NES. ""
-$	THEN
-$	  COPY 'EXE_DIR''E'.OLB WRK_SSLLIB:'E'.OLB/log
-$	  SET FILE/PROT=W:RE WRK_SSLLIB:'E'.OLB
-$	ENDIF
-$	! Preparing for the time when we have shareable images
-$	IF F$SEARCH(EXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'EXE_DIR''E'.EXE WRK_SSLLIB:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLLIB:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$	EXIT
diff --git a/openssl/crypto/o_time.c b/openssl/crypto/o_time.c
index eecbdd19f..9030fdef7 100644
--- a/openssl/crypto/o_time.c
+++ b/openssl/crypto/o_time.c
@@ -64,12 +64,18 @@
 #include "o_time.h"
 
 #ifdef OPENSSL_SYS_VMS
-# include <libdtdef.h>
-# include <lib$routines.h>
-# include <lnmdef.h>
-# include <starlet.h>
-# include <descrip.h>
-# include <stdlib.h>
+# if __CRTL_VER >= 70000000 && \
+     (defined _POSIX_C_SOURCE || !defined _ANSI_C_SOURCE)
+#  define VMS_GMTIME_OK
+# endif
+# ifndef VMS_GMTIME_OK
+#  include <libdtdef.h>
+#  include <lib$routines.h>
+#  include <lnmdef.h>
+#  include <starlet.h>
+#  include <descrip.h>
+#  include <stdlib.h>
+# endif /* ndef VMS_GMTIME_OK */
 #endif
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
@@ -81,7 +87,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 	   so we don't even look at the return value */
 	gmtime_r(timer,result);
 	ts = result;
-#elif !defined(OPENSSL_SYS_VMS)
+#elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK)
 	ts = gmtime(timer);
 	if (ts == NULL)
 		return NULL;
@@ -89,7 +95,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
 	memcpy(result, ts, sizeof(struct tm));
 	ts = result;
 #endif
-#ifdef OPENSSL_SYS_VMS
+#if defined( OPENSSL_SYS_VMS) && !defined( VMS_GMTIME_OK)
 	if (ts == NULL)
 		{
 		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
diff --git a/openssl/crypto/ocsp/ocsp_lib.c b/openssl/crypto/ocsp/ocsp_lib.c
index 36905d76c..e92b86c06 100644
--- a/openssl/crypto/ocsp/ocsp_lib.c
+++ b/openssl/crypto/ocsp/ocsp_lib.c
@@ -170,14 +170,14 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
 
 	char *host, *port;
 
-	/* dup the buffer since we are going to mess with it */
-	buf = BUF_strdup(url);
-	if (!buf) goto mem_err;
-
 	*phost = NULL;
 	*pport = NULL;
 	*ppath = NULL;
 
+	/* dup the buffer since we are going to mess with it */
+	buf = BUF_strdup(url);
+	if (!buf) goto mem_err;
+
 	/* Check for initial colon */
 	p = strchr(buf, ':');
 
diff --git a/openssl/crypto/opensslv.h b/openssl/crypto/opensslv.h
index e7fca8345..310a3387b 100644
--- a/openssl/crypto/opensslv.h
+++ b/openssl/crypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER	0x1000004fL
+#define OPENSSL_VERSION_NUMBER	0x1000005fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0d-fips 8 Feb 2011"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0e-fips 6 Sep 2011"
 #else
-#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0d 8 Feb 2011"
+#define OPENSSL_VERSION_TEXT	"OpenSSL 1.0.0e 6 Sep 2011"
 #endif
 #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
 
diff --git a/openssl/crypto/perlasm/cbc.pl b/openssl/crypto/perlasm/cbc.pl
index e43dc9ae1..6fc251090 100644
--- a/openssl/crypto/perlasm/cbc.pl
+++ b/openssl/crypto/perlasm/cbc.pl
@@ -158,7 +158,6 @@ sub cbc
 	&jmp_ptr($count);
 
 &set_label("ej7");
-	&xor("edx",		"edx") if $ppro; # ppro friendly
 	&movb(&HB("edx"),	&BP(6,$in,"",0));
 	&shl("edx",8);
 &set_label("ej6");
@@ -170,7 +169,6 @@ sub cbc
 	&jmp(&label("ejend"));
 &set_label("ej3");
 	&movb(&HB("ecx"),	&BP(2,$in,"",0));
-	&xor("ecx",		"ecx") if $ppro; # ppro friendly
 	&shl("ecx",8);
 &set_label("ej2");
 	&movb(&HB("ecx"),	&BP(1,$in,"",0));
diff --git a/openssl/crypto/rand/rand_vms.c b/openssl/crypto/rand/rand_vms.c
index 1267a3aca..0bfd8ff7e 100644
--- a/openssl/crypto/rand/rand_vms.c
+++ b/openssl/crypto/rand/rand_vms.c
@@ -69,6 +69,17 @@
 # pragma message disable DOLLARID
 #endif
 
+/* Use 32-bit pointers almost everywhere.  Define the type to which to
+ * cast a pointer passed to an external function.
+ */
+#if __INITIAL_POINTER_SIZE == 64
+# define PTR_T __void_ptr64
+# pragma pointer_size save
+# pragma pointer_size 32
+#else /* __INITIAL_POINTER_SIZE == 64 */
+# define PTR_T void *
+#endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
 static struct items_data_st
 	{
 	short length, code;	/* length is amount of bytes */
@@ -125,11 +136,12 @@ int RAND_poll(void)
 		{
 		if (status == SS$_NORMAL)
 			{
-			RAND_add(data_buffer, total_length, total_length/2);
+			RAND_add( (PTR_T)data_buffer, total_length,
+			 total_length/2);
 			}
 		}
 	sys$gettim(iosb);
-	RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2);
+	RAND_add( (PTR_T)iosb, sizeof(iosb), sizeof(iosb)/2);
 	return 1;
 }
 
diff --git a/openssl/crypto/rand/randfile.c b/openssl/crypto/rand/randfile.c
index f9b709e6d..bc7d9c580 100644
--- a/openssl/crypto/rand/randfile.c
+++ b/openssl/crypto/rand/randfile.c
@@ -144,7 +144,9 @@ int RAND_load_file(const char *file, long bytes)
 	   * I/O because we will waste system entropy. 
 	   */
 	  bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+#ifndef OPENSSL_NO_SETVBUF_IONBF
 	  setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 	}
 #endif
 	for (;;)
diff --git a/openssl/crypto/rsa/rsa_oaep.c b/openssl/crypto/rsa/rsa_oaep.c
index e238d10e5..18d307ea9 100644
--- a/openssl/crypto/rsa/rsa_oaep.c
+++ b/openssl/crypto/rsa/rsa_oaep.c
@@ -189,34 +189,40 @@ int PKCS1_MGF1(unsigned char *mask, long len,
 	EVP_MD_CTX c;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	int mdlen;
+	int rv = -1;
 
 	EVP_MD_CTX_init(&c);
 	mdlen = EVP_MD_size(dgst);
 	if (mdlen < 0)
-		return -1;
+		goto err;
 	for (i = 0; outlen < len; i++)
 		{
 		cnt[0] = (unsigned char)((i >> 24) & 255);
 		cnt[1] = (unsigned char)((i >> 16) & 255);
 		cnt[2] = (unsigned char)((i >> 8)) & 255;
 		cnt[3] = (unsigned char)(i & 255);
-		EVP_DigestInit_ex(&c,dgst, NULL);
-		EVP_DigestUpdate(&c, seed, seedlen);
-		EVP_DigestUpdate(&c, cnt, 4);
+		if (!EVP_DigestInit_ex(&c,dgst, NULL)
+			|| !EVP_DigestUpdate(&c, seed, seedlen)
+			|| !EVP_DigestUpdate(&c, cnt, 4))
+			goto err;
 		if (outlen + mdlen <= len)
 			{
-			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+			if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
+				goto err;
 			outlen += mdlen;
 			}
 		else
 			{
-			EVP_DigestFinal_ex(&c, md, NULL);
+			if (!EVP_DigestFinal_ex(&c, md, NULL))
+				goto err;
 			memcpy(mask + outlen, md, len - outlen);
 			outlen = len;
 			}
 		}
+	rv = 0;
+	err:
 	EVP_MD_CTX_cleanup(&c);
-	return 0;
+	return rv;
 	}
 
 static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
diff --git a/openssl/crypto/stack/safestack.h b/openssl/crypto/stack/safestack.h
index 39914bdde..3e76aa58f 100644
--- a/openssl/crypto/stack/safestack.h
+++ b/openssl/crypto/stack/safestack.h
@@ -2056,31 +2056,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 
 
-#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
-#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
-#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
-#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
-#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
-#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
-#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
-#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
-	((int (*)(const void * const *,const void * const *)) \
-	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
-#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
-#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
-#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
-#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
-
-
 #define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
 #define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
 #define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
@@ -2106,6 +2081,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
 
 
+#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
+#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i))
+#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func))
+#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i)
+#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val))
+#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i))
+#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr))
+#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp)  \
+	((int (*)(const void * const *,const void * const *)) \
+	sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp)))
+#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st)
+#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st))
+#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st))
+#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
+
+
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
diff --git a/openssl/crypto/vms_rms.h b/openssl/crypto/vms_rms.h
new file mode 100644
index 000000000..00a00d993
--- /dev/null
+++ b/openssl/crypto/vms_rms.h
@@ -0,0 +1,51 @@
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif /* def NAML$C_MAXRSS [else] */
+
diff --git a/openssl/crypto/x509/x509_vfy.c b/openssl/crypto/x509/x509_vfy.c
index bd6695d0c..5a0b0249b 100644
--- a/openssl/crypto/x509/x509_vfy.c
+++ b/openssl/crypto/x509/x509_vfy.c
@@ -703,6 +703,7 @@ static int check_cert(X509_STORE_CTX *ctx)
 	x = sk_X509_value(ctx->chain, cnum);
 	ctx->current_cert = x;
 	ctx->current_issuer = NULL;
+	ctx->current_crl_score = 0;
 	ctx->current_reasons = 0;
 	while (ctx->current_reasons != CRLDP_ALL_REASONS)
 		{
@@ -2015,6 +2016,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 	ctx->error_depth=0;
 	ctx->current_cert=NULL;
 	ctx->current_issuer=NULL;
+	ctx->current_crl=NULL;
+	ctx->current_crl_score=0;
+	ctx->current_reasons=0;
 	ctx->tree = NULL;
 	ctx->parent = NULL;
 
diff --git a/openssl/doc/ssl/ssl.pod b/openssl/doc/ssl/ssl.pod
index 2b6004ee3..6d3ee24e4 100644
--- a/openssl/doc/ssl/ssl.pod
+++ b/openssl/doc/ssl/ssl.pod
@@ -158,7 +158,7 @@ Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
 
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
 
-=item cosnt SSL_METHOD *B<TLSv1_server_method>(void);
+=item const SSL_METHOD *B<TLSv1_server_method>(void);
 
 Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
 
diff --git a/openssl/engines/ccgost/gost_crypt.c b/openssl/engines/ccgost/gost_crypt.c
index 4977d1dcf..cde58c0e9 100644
--- a/openssl/engines/ccgost/gost_crypt.c
+++ b/openssl/engines/ccgost/gost_crypt.c
@@ -495,7 +495,8 @@ int  gost89_get_asn1_parameters(EVP_CIPHER_CTX *ctx,ASN1_TYPE *params)
 int gost_imit_init_cpa(EVP_MD_CTX *ctx)
 	{
 	struct ossl_gost_imit_ctx *c = ctx->md_data;
-	memset(c->buffer,0,16);
+	memset(c->buffer,0,sizeof(c->buffer));
+	memset(c->partial_block,0,sizeof(c->partial_block));
 	c->count = 0;
 	c->bytes_left=0;
 	c->key_meshing=1;
diff --git a/openssl/engines/e_capi_err.h b/openssl/engines/e_capi_err.h
index 4c749ec43..efa700103 100644
--- a/openssl/engines/e_capi_err.h
+++ b/openssl/engines/e_capi_err.h
@@ -55,6 +55,10 @@
 #ifndef HEADER_CAPI_ERR_H
 #define HEADER_CAPI_ERR_H
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/openssl/engines/makeengines.com b/openssl/engines/makeengines.com
index 0d3174257..6329fbbf0 100644
--- a/openssl/engines/makeengines.com
+++ b/openssl/engines/makeengines.com
@@ -28,18 +28,35 @@ $!
 $!  P6	if defined, denotes which engines to build.  If not defined,
 $!	all available engines are built.
 $!
-$!  For 64 bit architectures (Alpha and IA64), specify the pointer size as P7.
-$!  For 32 bit architectures (VAX), P7 is ignored.
-$!  Currently supported values are:
+$!  P7, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
 $!
-$!	32	To ge a library compiled with /POINTER_SIZE=32
-$!	64	To ge a library compiled with /POINTER_SIZE=64
+$!	""	Compile with default (/NOPOINTER_SIZE)
+$!	32	Compile with /POINTER_SIZE=32 (SHORT)
+$!	64	Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
+$!
+$!  P8, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
 $!
 $!-----------------------------------------------------------------------------
 $!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on control_c then goto exit
+$!
 $! Set the default TCP/IP library to link against if needed
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check What Architecture We Are Using.
 $!
@@ -63,6 +80,11 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
 $! Set the names of the engines we want to build
 $! NOTE: Some might think this list ugly.  However, it's made this way to
 $! reflect the LIBNAMES variable in Makefile as closely as possible,
@@ -79,19 +101,7 @@ $!
 $ IF (ARCH .NES. "VAX") THEN -
        ENGINES = ENGINES+ ",ccgost"
 $!
-$! Set the goal directories, and create them if necessary
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES]
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES]
-$ IF F$PARSE(OBJ_DIR) .EQS. "" THEN CREATE/DIRECTORY 'OBJ_DIR'
-$ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR'
-$!
-$! Set the goal files, and create them if necessary
-$!
-$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
-$ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
-$!
-$! OK, time to check options and initialise
+$! Check options.
 $!
 $ OPT_PHASE = P1
 $ ACCEPT_PHASE = "ALL,ENGINES"
@@ -100,8 +110,38 @@ $ OPT_COMPILER = P3
 $ OPT_TCPIP_LIB = P4
 $ OPT_SPECIAL_THREADS = P5
 $ OPT_POINTER_SIZE = P7
+$ ZLIB = P8
 $
 $ GOSUB CHECK_OPTIONS
+$!
+$! Set the goal directories, and create them if necessary
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.ENGINES]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.ENGINES]
+$ IF F$PARSE(OBJ_DIR) .EQS. "" THEN CREATE/DIRECTORY 'OBJ_DIR'
+$ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! Set the goal files, and create them if necessary
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
+$ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
+$!
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
+$!
+$! Initialise.
+$!
 $ GOSUB INITIALISE
 $ GOSUB CHECK_OPT_FILE
 $!
@@ -180,7 +220,7 @@ $! Create a .OPT file for the object files (for a real engine name).
 $!
 $ IF ENGINE_NAME .NES. ""
 $ THEN
-$   OPEN/WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
+$   OPEN /WRITE OBJECTS 'EXE_DIR''ENGINE_NAME'.OPT
 $ ENDIF
 $!
 $! Here's the start of per-engine module loop.
@@ -265,18 +305,14 @@ $! For shareable libraries, we need to do things a little differently
 $! depending on if we link with a TCP/IP library or not.
 $!
 $ ENGINE_OPT := SYS$DISK:[]'ARCH'.OPT
-$ IF TCPIP_LIB .NES. ""
-$ THEN
-$   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
-	'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', -
-	'CRYPTO_LIB'/LIBRARY, -
-	'ENGINE_OPT'/OPTION,'TCPIP_LIB','OPT_FILE'/OPTION
-$ ELSE
-$   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
-	'EXE_DIR''ENGINE_NAME'.OPT/OPTION'TV_OBJ', -
-        'CRYPTO_LIB'/LIBRARY, -
-	'ENGINE_OPT'/OPTION,'OPT_FILE'/OPTION
-$ ENDIF
+$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
+   'EXE_DIR''ENGINE_NAME'.OPT /OPTIONS -
+   'TV_OBJ', -
+   'CRYPTO_LIB' /LIBRARY, -
+   'ENGINE_OPT' /OPTIONS -
+   'TCPIP_LIB' -
+   'ZLIB_LIB' -
+   ,'OPT_FILE' /OPTIONS
 $!
 $! Next engine
 $!
@@ -310,7 +346,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -339,7 +375,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -374,7 +410,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -389,7 +425,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -461,8 +497,8 @@ $     IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," -
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " where 'xxx' stands for:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -483,15 +519,16 @@ $!
 $ IF (OPT_DEBUG.EQS."NODEBUG")
 $ THEN
 $!
-$!   OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information.
+$!  OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information.
 $!
-$    DEBUGGER = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    MACRO_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   MACRO_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $ ELSE
 $!
 $!  Check To See If We Are To Compile With Debugger Information.
@@ -502,6 +539,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -510,7 +548,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE 
 $!
-$!    They Entered An Invalid Option..
+$!    They Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",OPT_DEBUG," Is Invalid.  The Valid Options Are:"
@@ -565,58 +603,59 @@ $! End The OPT_SPECIAL_THREADS Check.
 $!
 $ ENDIF
 $!
-$! Check To See If OPT_POINTER_SIZE Is Blank.
+$! Check OPT_POINTER_SIZE (P7).
 $!
-$ IF (OPT_POINTER_SIZE.EQS."")
+$ IF (OPT_POINTER_SIZE .NES. "") .AND. (ARCH .NES. "VAX")
 $ THEN
-$   POINTER_SIZE = ""
-$ ELSE
-$!
-$!  Check is OPT_POINTER_SIZE Is Valid
 $!
-$   IF (OPT_POINTER_SIZE.EQS."32")
+$   IF (OPT_POINTER_SIZE .EQS. "32")
 $   THEN
-$     POINTER_SIZE = "/POINTER_SIZE=32"
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$       LIB32 = ""
-$     ELSE
-$       LIB32 = "32"
-$     ENDIF
+$     POINTER_SIZE = " /POINTER_SIZE=32"
 $   ELSE
-$     IF (OPT_POINTER_SIZE.EQS."64")
+$     POINTER_SIZE = F$EDIT( OPT_POINTER_SIZE, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
 $     THEN
+$       ARCHD = ARCH+ "_64"
 $       LIB32 = ""
-$       IF ARCH .EQS. "VAX"
-$       THEN
-$         POINTER_SIZE = "/POINTER_SIZE=32"
-$       ELSE
-$         POINTER_SIZE = "/POINTER_SIZE=64"
-$       ENDIF
+$       POINTER_SIZE = " /POINTER_SIZE=64"
 $     ELSE
 $!
-$!      Tell The User Entered An Invalid Option..
+$!      Tell The User Entered An Invalid Option.
 $!
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ",OPT_POINTER_SIZE," Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT "The Option ", OPT_POINTER_SIZE, -
+         " Is Invalid.  The Valid Options Are:"
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "    32  :  Compile with 32 bit pointer size"
-$       WRITE SYS$OUTPUT "    64  :  Compile with 64 bit pointer size"
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
 $       WRITE SYS$OUTPUT ""
-$!
+$! 
 $!      Time To EXIT.
 $!
-$       GOTO TIDY
-$!
-$!      End The Valid Arguement Check.
+$       EXIT
 $!
 $     ENDIF
+$!
 $   ENDIF
 $!
 $! End The OPT_POINTER_SIZE Check.
 $!
 $ ENDIF
 $!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS]"
+$!
 $! Check To See If OPT_COMPILER Is Blank.
 $!
 $ IF (OPT_COMPILER.EQS."")
@@ -717,11 +756,63 @@ $ CCDEFS = "TCPIP_TYPE_''OPT_TCPIP_LIB',DSO_VMS"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (OPT_COMPILER.EQS."VAXC").OR.(OPT_COMPILER.EQS."DECC").OR.(OPT_COMPILER.EQS."GNUC")
 $ THEN
@@ -744,14 +835,14 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS])" + -
-	   CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES') " + -
+       CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -780,7 +871,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.VENDOR_DEFNS])" + -
+	   "/INCLUDE=(''CC_INCLUDES')" + -
 	   CCEXTRAFLAGS
 $     CCDEFS = """VAXC""," + CCDEFS
 $!
@@ -790,7 +881,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -812,12 +903,12 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.VENDOR_DEFNS])" + -
+	   "/INCLUDE=(''CC_INCLUDES')" + -
 	   CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -833,12 +924,12 @@ $   IF COMPILER .EQS. "DECC"
 $   THEN
 $     IF CCDISABLEWARNINGS .NES. ""
 $     THEN
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $   ENDIF
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $!  Show user the result
 $!
@@ -868,8 +959,12 @@ $ ENDIF
 $!
 $! Build a MACRO command for the architecture at hand
 $!
-$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
-$ IF ARCH .NES. "VAX" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$   MACRO = "MACRO/''DEBUGGER'"
+$ ELSE
+$   MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$ ENDIF
 $!
 $!  Show user the result
 $!
@@ -889,7 +984,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -915,13 +1010,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -935,7 +1030,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -956,7 +1051,7 @@ $   ENDIF
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!
@@ -999,7 +1094,7 @@ $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
 $!
 $! Set up the logical name OPENSSL to point at the include directory
 $!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$ DEFINE OPENSSL /NOLOG '__INCLUDE'
 $!
 $! Done
 $!
@@ -1007,15 +1102,24 @@ $ RETURN
 $!
 $ CLEANUP:
 $!
-$! Restore the logical name OPENSSL if it had a value
+$! Restore the saved logical name OPENSSL, if it had a value.
 $!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$   DEASSIGN OPENSSL
-$ ELSE
-$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
+$ if (f$type( __SAVE_OPENSSL) .nes. "")
+$ then
+$   IF __SAVE_OPENSSL .EQS. ""
+$   THEN
+$     DEASSIGN OPENSSL
+$   ELSE
+$     DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL'
+$   ENDIF
+$ endif
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "objects", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close objects
 $!
 $! Done
 $!
 $ RETURN
+$!
diff --git a/openssl/include/openssl/aes.h b/openssl/include/openssl/aes.h
index e69de29bb..f555c13ed 100644
--- a/openssl/include/openssl/aes.h
+++ b/openssl/include/openssl/aes.h
@@ -0,0 +1 @@
+../../crypto/aes/aes.h
\ No newline at end of file
diff --git a/openssl/include/openssl/asn1.h b/openssl/include/openssl/asn1.h
index e69de29bb..dd514954a 100644
--- a/openssl/include/openssl/asn1.h
+++ b/openssl/include/openssl/asn1.h
@@ -0,0 +1 @@
+../../crypto/asn1/asn1.h
\ No newline at end of file
diff --git a/openssl/include/openssl/asn1_mac.h b/openssl/include/openssl/asn1_mac.h
index e69de29bb..97781d993 100644
--- a/openssl/include/openssl/asn1_mac.h
+++ b/openssl/include/openssl/asn1_mac.h
@@ -0,0 +1 @@
+../../crypto/asn1/asn1_mac.h
\ No newline at end of file
diff --git a/openssl/include/openssl/asn1t.h b/openssl/include/openssl/asn1t.h
index e69de29bb..31c87c388 100644
--- a/openssl/include/openssl/asn1t.h
+++ b/openssl/include/openssl/asn1t.h
@@ -0,0 +1 @@
+../../crypto/asn1/asn1t.h
\ No newline at end of file
diff --git a/openssl/include/openssl/bio.h b/openssl/include/openssl/bio.h
index e69de29bb..c598b6f73 100644
--- a/openssl/include/openssl/bio.h
+++ b/openssl/include/openssl/bio.h
@@ -0,0 +1 @@
+../../crypto/bio/bio.h
\ No newline at end of file
diff --git a/openssl/include/openssl/blowfish.h b/openssl/include/openssl/blowfish.h
index e69de29bb..88bf92234 100644
--- a/openssl/include/openssl/blowfish.h
+++ b/openssl/include/openssl/blowfish.h
@@ -0,0 +1 @@
+../../crypto/bf/blowfish.h
\ No newline at end of file
diff --git a/openssl/include/openssl/bn.h b/openssl/include/openssl/bn.h
index e69de29bb..5c251c135 100644
--- a/openssl/include/openssl/bn.h
+++ b/openssl/include/openssl/bn.h
@@ -0,0 +1 @@
+../../crypto/bn/bn.h
\ No newline at end of file
diff --git a/openssl/include/openssl/buffer.h b/openssl/include/openssl/buffer.h
index e69de29bb..76ea7114a 100644
--- a/openssl/include/openssl/buffer.h
+++ b/openssl/include/openssl/buffer.h
@@ -0,0 +1 @@
+../../crypto/buffer/buffer.h
\ No newline at end of file
diff --git a/openssl/include/openssl/camellia.h b/openssl/include/openssl/camellia.h
index e69de29bb..ad10f9792 100644
--- a/openssl/include/openssl/camellia.h
+++ b/openssl/include/openssl/camellia.h
@@ -0,0 +1 @@
+../../crypto/camellia/camellia.h
\ No newline at end of file
diff --git a/openssl/include/openssl/cast.h b/openssl/include/openssl/cast.h
index e69de29bb..b775ab04b 100644
--- a/openssl/include/openssl/cast.h
+++ b/openssl/include/openssl/cast.h
@@ -0,0 +1 @@
+../../crypto/cast/cast.h
\ No newline at end of file
diff --git a/openssl/include/openssl/cms.h b/openssl/include/openssl/cms.h
index e69de29bb..0f651adde 100644
--- a/openssl/include/openssl/cms.h
+++ b/openssl/include/openssl/cms.h
@@ -0,0 +1 @@
+../../crypto/cms/cms.h
\ No newline at end of file
diff --git a/openssl/include/openssl/comp.h b/openssl/include/openssl/comp.h
index e69de29bb..712c9d4ae 100644
--- a/openssl/include/openssl/comp.h
+++ b/openssl/include/openssl/comp.h
@@ -0,0 +1 @@
+../../crypto/comp/comp.h
\ No newline at end of file
diff --git a/openssl/include/openssl/conf.h b/openssl/include/openssl/conf.h
index e69de29bb..44156b189 100644
--- a/openssl/include/openssl/conf.h
+++ b/openssl/include/openssl/conf.h
@@ -0,0 +1 @@
+../../crypto/conf/conf.h
\ No newline at end of file
diff --git a/openssl/include/openssl/conf_api.h b/openssl/include/openssl/conf_api.h
index e69de29bb..26b42198a 100644
--- a/openssl/include/openssl/conf_api.h
+++ b/openssl/include/openssl/conf_api.h
@@ -0,0 +1 @@
+../../crypto/conf/conf_api.h
\ No newline at end of file
diff --git a/openssl/include/openssl/crypto.h b/openssl/include/openssl/crypto.h
index e69de29bb..2f3f63cb0 100644
--- a/openssl/include/openssl/crypto.h
+++ b/openssl/include/openssl/crypto.h
@@ -0,0 +1 @@
+../../crypto/crypto.h
\ No newline at end of file
diff --git a/openssl/include/openssl/des.h b/openssl/include/openssl/des.h
index e69de29bb..5eb7c88b3 100644
--- a/openssl/include/openssl/des.h
+++ b/openssl/include/openssl/des.h
@@ -0,0 +1 @@
+../../crypto/des/des.h
\ No newline at end of file
diff --git a/openssl/include/openssl/des_old.h b/openssl/include/openssl/des_old.h
index e69de29bb..970989880 100644
--- a/openssl/include/openssl/des_old.h
+++ b/openssl/include/openssl/des_old.h
@@ -0,0 +1 @@
+../../crypto/des/des_old.h
\ No newline at end of file
diff --git a/openssl/include/openssl/dh.h b/openssl/include/openssl/dh.h
index e69de29bb..c0eacb5eb 100644
--- a/openssl/include/openssl/dh.h
+++ b/openssl/include/openssl/dh.h
@@ -0,0 +1 @@
+../../crypto/dh/dh.h
\ No newline at end of file
diff --git a/openssl/include/openssl/dsa.h b/openssl/include/openssl/dsa.h
index e69de29bb..ad4695f9b 100644
--- a/openssl/include/openssl/dsa.h
+++ b/openssl/include/openssl/dsa.h
@@ -0,0 +1 @@
+../../crypto/dsa/dsa.h
\ No newline at end of file
diff --git a/openssl/include/openssl/dso.h b/openssl/include/openssl/dso.h
index e69de29bb..b1f215daf 100644
--- a/openssl/include/openssl/dso.h
+++ b/openssl/include/openssl/dso.h
@@ -0,0 +1 @@
+../../crypto/dso/dso.h
\ No newline at end of file
diff --git a/openssl/include/openssl/dtls1.h b/openssl/include/openssl/dtls1.h
index e69de29bb..95aef9913 100644
--- a/openssl/include/openssl/dtls1.h
+++ b/openssl/include/openssl/dtls1.h
@@ -0,0 +1 @@
+../../ssl/dtls1.h
\ No newline at end of file
diff --git a/openssl/include/openssl/e_os2.h b/openssl/include/openssl/e_os2.h
index e69de29bb..0e8c03992 100644
--- a/openssl/include/openssl/e_os2.h
+++ b/openssl/include/openssl/e_os2.h
@@ -0,0 +1 @@
+../../e_os2.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ebcdic.h b/openssl/include/openssl/ebcdic.h
index e69de29bb..a7ee60e0a 100644
--- a/openssl/include/openssl/ebcdic.h
+++ b/openssl/include/openssl/ebcdic.h
@@ -0,0 +1 @@
+../../crypto/ebcdic.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ec.h b/openssl/include/openssl/ec.h
index e69de29bb..245497eda 100644
--- a/openssl/include/openssl/ec.h
+++ b/openssl/include/openssl/ec.h
@@ -0,0 +1 @@
+../../crypto/ec/ec.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ecdh.h b/openssl/include/openssl/ecdh.h
index e69de29bb..3fd1c3ba3 100644
--- a/openssl/include/openssl/ecdh.h
+++ b/openssl/include/openssl/ecdh.h
@@ -0,0 +1 @@
+../../crypto/ecdh/ecdh.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ecdsa.h b/openssl/include/openssl/ecdsa.h
index e69de29bb..e48acc669 100644
--- a/openssl/include/openssl/ecdsa.h
+++ b/openssl/include/openssl/ecdsa.h
@@ -0,0 +1 @@
+../../crypto/ecdsa/ecdsa.h
\ No newline at end of file
diff --git a/openssl/include/openssl/engine.h b/openssl/include/openssl/engine.h
index e69de29bb..a02073e32 100644
--- a/openssl/include/openssl/engine.h
+++ b/openssl/include/openssl/engine.h
@@ -0,0 +1 @@
+../../crypto/engine/engine.h
\ No newline at end of file
diff --git a/openssl/include/openssl/err.h b/openssl/include/openssl/err.h
index e69de29bb..20f65bd9c 100644
--- a/openssl/include/openssl/err.h
+++ b/openssl/include/openssl/err.h
@@ -0,0 +1 @@
+../../crypto/err/err.h
\ No newline at end of file
diff --git a/openssl/include/openssl/evp.h b/openssl/include/openssl/evp.h
index e69de29bb..7e3a904ae 100644
--- a/openssl/include/openssl/evp.h
+++ b/openssl/include/openssl/evp.h
@@ -0,0 +1 @@
+../../crypto/evp/evp.h
\ No newline at end of file
diff --git a/openssl/include/openssl/hmac.h b/openssl/include/openssl/hmac.h
index e69de29bb..de19ba7ed 100644
--- a/openssl/include/openssl/hmac.h
+++ b/openssl/include/openssl/hmac.h
@@ -0,0 +1 @@
+../../crypto/hmac/hmac.h
\ No newline at end of file
diff --git a/openssl/include/openssl/idea.h b/openssl/include/openssl/idea.h
index e69de29bb..724fa3458 100644
--- a/openssl/include/openssl/idea.h
+++ b/openssl/include/openssl/idea.h
@@ -0,0 +1 @@
+../../crypto/idea/idea.h
\ No newline at end of file
diff --git a/openssl/include/openssl/krb5_asn.h b/openssl/include/openssl/krb5_asn.h
index e69de29bb..1172e522e 100644
--- a/openssl/include/openssl/krb5_asn.h
+++ b/openssl/include/openssl/krb5_asn.h
@@ -0,0 +1 @@
+../../crypto/krb5/krb5_asn.h
\ No newline at end of file
diff --git a/openssl/include/openssl/kssl.h b/openssl/include/openssl/kssl.h
index e69de29bb..2e5c2cd4d 100644
--- a/openssl/include/openssl/kssl.h
+++ b/openssl/include/openssl/kssl.h
@@ -0,0 +1 @@
+../../ssl/kssl.h
\ No newline at end of file
diff --git a/openssl/include/openssl/lhash.h b/openssl/include/openssl/lhash.h
index e69de29bb..56eb09918 100644
--- a/openssl/include/openssl/lhash.h
+++ b/openssl/include/openssl/lhash.h
@@ -0,0 +1 @@
+../../crypto/lhash/lhash.h
\ No newline at end of file
diff --git a/openssl/include/openssl/md4.h b/openssl/include/openssl/md4.h
index e69de29bb..4ff863e7f 100644
--- a/openssl/include/openssl/md4.h
+++ b/openssl/include/openssl/md4.h
@@ -0,0 +1 @@
+../../crypto/md4/md4.h
\ No newline at end of file
diff --git a/openssl/include/openssl/md5.h b/openssl/include/openssl/md5.h
index e69de29bb..26fa47eb5 100644
--- a/openssl/include/openssl/md5.h
+++ b/openssl/include/openssl/md5.h
@@ -0,0 +1 @@
+../../crypto/md5/md5.h
\ No newline at end of file
diff --git a/openssl/include/openssl/mdc2.h b/openssl/include/openssl/mdc2.h
index e69de29bb..0bc32f121 100644
--- a/openssl/include/openssl/mdc2.h
+++ b/openssl/include/openssl/mdc2.h
@@ -0,0 +1 @@
+../../crypto/mdc2/mdc2.h
\ No newline at end of file
diff --git a/openssl/include/openssl/modes.h b/openssl/include/openssl/modes.h
index e69de29bb..ccc172827 100644
--- a/openssl/include/openssl/modes.h
+++ b/openssl/include/openssl/modes.h
@@ -0,0 +1 @@
+../../crypto/modes/modes.h
\ No newline at end of file
diff --git a/openssl/include/openssl/obj_mac.h b/openssl/include/openssl/obj_mac.h
index e69de29bb..0f443c828 100644
--- a/openssl/include/openssl/obj_mac.h
+++ b/openssl/include/openssl/obj_mac.h
@@ -0,0 +1 @@
+../../crypto/objects/obj_mac.h
\ No newline at end of file
diff --git a/openssl/include/openssl/objects.h b/openssl/include/openssl/objects.h
index e69de29bb..7bd145ca0 100644
--- a/openssl/include/openssl/objects.h
+++ b/openssl/include/openssl/objects.h
@@ -0,0 +1 @@
+../../crypto/objects/objects.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ocsp.h b/openssl/include/openssl/ocsp.h
index e69de29bb..08288c84a 100644
--- a/openssl/include/openssl/ocsp.h
+++ b/openssl/include/openssl/ocsp.h
@@ -0,0 +1 @@
+../../crypto/ocsp/ocsp.h
\ No newline at end of file
diff --git a/openssl/include/openssl/opensslconf.h b/openssl/include/openssl/opensslconf.h
index e69de29bb..25d2bea96 100644
--- a/openssl/include/openssl/opensslconf.h
+++ b/openssl/include/openssl/opensslconf.h
@@ -0,0 +1 @@
+../../crypto/opensslconf.h
\ No newline at end of file
diff --git a/openssl/include/openssl/opensslv.h b/openssl/include/openssl/opensslv.h
index e69de29bb..f314f5fc7 100644
--- a/openssl/include/openssl/opensslv.h
+++ b/openssl/include/openssl/opensslv.h
@@ -0,0 +1 @@
+../../crypto/opensslv.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ossl_typ.h b/openssl/include/openssl/ossl_typ.h
index e69de29bb..e8f42456e 100644
--- a/openssl/include/openssl/ossl_typ.h
+++ b/openssl/include/openssl/ossl_typ.h
@@ -0,0 +1 @@
+../../crypto/ossl_typ.h
\ No newline at end of file
diff --git a/openssl/include/openssl/pem.h b/openssl/include/openssl/pem.h
index e69de29bb..ca371423e 100644
--- a/openssl/include/openssl/pem.h
+++ b/openssl/include/openssl/pem.h
@@ -0,0 +1 @@
+../../crypto/pem/pem.h
\ No newline at end of file
diff --git a/openssl/include/openssl/pem2.h b/openssl/include/openssl/pem2.h
index e69de29bb..c734dbdc3 100644
--- a/openssl/include/openssl/pem2.h
+++ b/openssl/include/openssl/pem2.h
@@ -0,0 +1 @@
+../../crypto/pem/pem2.h
\ No newline at end of file
diff --git a/openssl/include/openssl/pkcs12.h b/openssl/include/openssl/pkcs12.h
index e69de29bb..eebba7778 100644
--- a/openssl/include/openssl/pkcs12.h
+++ b/openssl/include/openssl/pkcs12.h
@@ -0,0 +1 @@
+../../crypto/pkcs12/pkcs12.h
\ No newline at end of file
diff --git a/openssl/include/openssl/pkcs7.h b/openssl/include/openssl/pkcs7.h
index e69de29bb..73e1b23f7 100644
--- a/openssl/include/openssl/pkcs7.h
+++ b/openssl/include/openssl/pkcs7.h
@@ -0,0 +1 @@
+../../crypto/pkcs7/pkcs7.h
\ No newline at end of file
diff --git a/openssl/include/openssl/pqueue.h b/openssl/include/openssl/pqueue.h
index e69de29bb..93817c2df 100644
--- a/openssl/include/openssl/pqueue.h
+++ b/openssl/include/openssl/pqueue.h
@@ -0,0 +1 @@
+../../crypto/pqueue/pqueue.h
\ No newline at end of file
diff --git a/openssl/include/openssl/rand.h b/openssl/include/openssl/rand.h
index e69de29bb..11231f852 100644
--- a/openssl/include/openssl/rand.h
+++ b/openssl/include/openssl/rand.h
@@ -0,0 +1 @@
+../../crypto/rand/rand.h
\ No newline at end of file
diff --git a/openssl/include/openssl/rc2.h b/openssl/include/openssl/rc2.h
index e69de29bb..bb5a05c5d 100644
--- a/openssl/include/openssl/rc2.h
+++ b/openssl/include/openssl/rc2.h
@@ -0,0 +1 @@
+../../crypto/rc2/rc2.h
\ No newline at end of file
diff --git a/openssl/include/openssl/rc4.h b/openssl/include/openssl/rc4.h
index e69de29bb..ef7deeb7d 100644
--- a/openssl/include/openssl/rc4.h
+++ b/openssl/include/openssl/rc4.h
@@ -0,0 +1 @@
+../../crypto/rc4/rc4.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ripemd.h b/openssl/include/openssl/ripemd.h
index e69de29bb..200f562fa 100644
--- a/openssl/include/openssl/ripemd.h
+++ b/openssl/include/openssl/ripemd.h
@@ -0,0 +1 @@
+../../crypto/ripemd/ripemd.h
\ No newline at end of file
diff --git a/openssl/include/openssl/rsa.h b/openssl/include/openssl/rsa.h
index e69de29bb..3e5a65475 100644
--- a/openssl/include/openssl/rsa.h
+++ b/openssl/include/openssl/rsa.h
@@ -0,0 +1 @@
+../../crypto/rsa/rsa.h
\ No newline at end of file
diff --git a/openssl/include/openssl/safestack.h b/openssl/include/openssl/safestack.h
index e69de29bb..8ca5b4cc7 100644
--- a/openssl/include/openssl/safestack.h
+++ b/openssl/include/openssl/safestack.h
@@ -0,0 +1 @@
+../../crypto/stack/safestack.h
\ No newline at end of file
diff --git a/openssl/include/openssl/seed.h b/openssl/include/openssl/seed.h
index e69de29bb..05d04a50b 100644
--- a/openssl/include/openssl/seed.h
+++ b/openssl/include/openssl/seed.h
@@ -0,0 +1 @@
+../../crypto/seed/seed.h
\ No newline at end of file
diff --git a/openssl/include/openssl/sha.h b/openssl/include/openssl/sha.h
index e69de29bb..3025cd5d7 100644
--- a/openssl/include/openssl/sha.h
+++ b/openssl/include/openssl/sha.h
@@ -0,0 +1 @@
+../../crypto/sha/sha.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ssl.h b/openssl/include/openssl/ssl.h
index e69de29bb..e87d9be8f 100644
--- a/openssl/include/openssl/ssl.h
+++ b/openssl/include/openssl/ssl.h
@@ -0,0 +1 @@
+../../ssl/ssl.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ssl2.h b/openssl/include/openssl/ssl2.h
index e69de29bb..72876883c 100644
--- a/openssl/include/openssl/ssl2.h
+++ b/openssl/include/openssl/ssl2.h
@@ -0,0 +1 @@
+../../ssl/ssl2.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ssl23.h b/openssl/include/openssl/ssl23.h
index e69de29bb..5605052d7 100644
--- a/openssl/include/openssl/ssl23.h
+++ b/openssl/include/openssl/ssl23.h
@@ -0,0 +1 @@
+../../ssl/ssl23.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ssl3.h b/openssl/include/openssl/ssl3.h
index e69de29bb..5ae2507f2 100644
--- a/openssl/include/openssl/ssl3.h
+++ b/openssl/include/openssl/ssl3.h
@@ -0,0 +1 @@
+../../ssl/ssl3.h
\ No newline at end of file
diff --git a/openssl/include/openssl/stack.h b/openssl/include/openssl/stack.h
index e69de29bb..61d342fcd 100644
--- a/openssl/include/openssl/stack.h
+++ b/openssl/include/openssl/stack.h
@@ -0,0 +1 @@
+../../crypto/stack/stack.h
\ No newline at end of file
diff --git a/openssl/include/openssl/symhacks.h b/openssl/include/openssl/symhacks.h
index e69de29bb..4a1a6913c 100644
--- a/openssl/include/openssl/symhacks.h
+++ b/openssl/include/openssl/symhacks.h
@@ -0,0 +1 @@
+../../crypto/symhacks.h
\ No newline at end of file
diff --git a/openssl/include/openssl/tls1.h b/openssl/include/openssl/tls1.h
index e69de29bb..53d998fbd 100644
--- a/openssl/include/openssl/tls1.h
+++ b/openssl/include/openssl/tls1.h
@@ -0,0 +1 @@
+../../ssl/tls1.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ts.h b/openssl/include/openssl/ts.h
index e69de29bb..a75d99db1 100644
--- a/openssl/include/openssl/ts.h
+++ b/openssl/include/openssl/ts.h
@@ -0,0 +1 @@
+../../crypto/ts/ts.h
\ No newline at end of file
diff --git a/openssl/include/openssl/txt_db.h b/openssl/include/openssl/txt_db.h
index e69de29bb..f672e3552 100644
--- a/openssl/include/openssl/txt_db.h
+++ b/openssl/include/openssl/txt_db.h
@@ -0,0 +1 @@
+../../crypto/txt_db/txt_db.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ui.h b/openssl/include/openssl/ui.h
index e69de29bb..b07defad7 100644
--- a/openssl/include/openssl/ui.h
+++ b/openssl/include/openssl/ui.h
@@ -0,0 +1 @@
+../../crypto/ui/ui.h
\ No newline at end of file
diff --git a/openssl/include/openssl/ui_compat.h b/openssl/include/openssl/ui_compat.h
index e69de29bb..d8c74b7c5 100644
--- a/openssl/include/openssl/ui_compat.h
+++ b/openssl/include/openssl/ui_compat.h
@@ -0,0 +1 @@
+../../crypto/ui/ui_compat.h
\ No newline at end of file
diff --git a/openssl/include/openssl/whrlpool.h b/openssl/include/openssl/whrlpool.h
index e69de29bb..125a0816f 100644
--- a/openssl/include/openssl/whrlpool.h
+++ b/openssl/include/openssl/whrlpool.h
@@ -0,0 +1 @@
+../../crypto/whrlpool/whrlpool.h
\ No newline at end of file
diff --git a/openssl/include/openssl/x509.h b/openssl/include/openssl/x509.h
index e69de29bb..b2b85c524 100644
--- a/openssl/include/openssl/x509.h
+++ b/openssl/include/openssl/x509.h
@@ -0,0 +1 @@
+../../crypto/x509/x509.h
\ No newline at end of file
diff --git a/openssl/include/openssl/x509_vfy.h b/openssl/include/openssl/x509_vfy.h
index e69de29bb..bb99ad498 100644
--- a/openssl/include/openssl/x509_vfy.h
+++ b/openssl/include/openssl/x509_vfy.h
@@ -0,0 +1 @@
+../../crypto/x509/x509_vfy.h
\ No newline at end of file
diff --git a/openssl/include/openssl/x509v3.h b/openssl/include/openssl/x509v3.h
index e69de29bb..63d12f9dc 100644
--- a/openssl/include/openssl/x509v3.h
+++ b/openssl/include/openssl/x509v3.h
@@ -0,0 +1 @@
+../../crypto/x509v3/x509v3.h
\ No newline at end of file
diff --git a/openssl/install.com b/openssl/install.com
index d15c23a83..6a0ea2d4d 100644
--- a/openssl/install.com
+++ b/openssl/install.com
@@ -3,99 +3,134 @@ $!
 $! Author: Richard Levitte <richard@levitte.org>
 $! Time of creation: 22-MAY-1998 10:13
 $!
-$! P1	root of the directory tree
-$!
-$	DEF_ORIG = F$ENVIRONMENT( "DEFAULT")
-$	ON ERROR THEN GOTO TIDY
-$	ON CONTROL_C THEN GOTO TIDY
-$
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "It Should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ def_orig = f$environment( "default")
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if (p1 .eqs. "")
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$   exit
+$ endif
+$!
+$ if (f$getsyi("cpu") .lt. 128)
+$ then
+$   arch = "VAX"
+$ else
+$   arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$   if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse( root, , , "device", "syntax_only")
+$ root_dir = f$parse( root, , , "directory", "syntax_only") -
 		   - ".][000000" - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB]
-$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$	DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE]
-$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
-$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
-$
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslcerts wrk_sslroot:[certs]
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$ define /nolog wrk_ssllib wrk_sslroot:[lib]
+$ define /nolog wrk_sslprivate wrk_sslroot:[private]
+$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
+$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
 $!
 $! Exhibit the destination directory.
 $!
-$	WRITE SYS$OUTPUT "   Installing to (WRK_SSLROOT) ="
-$	WRITE SYS$OUTPUT "    ''f$trnlnm( "WRK_SSLROOT")'"
-$	WRITE SYS$OUTPUT ""
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXEXE:
-$	IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXLIB:
-$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLLIB:
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$	IF F$PARSE("WRK_SSLCERTS:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLCERTS:
-$	IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLPRIVATE:
-$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
-$
-$	SDIRS := CRYPTO,SSL,APPS,VMS!,RSAREF,TEST,TOOLS
-$	EXHEADER := e_os2.h
-$
-$	COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
-$
-$	I = 0
-$ LOOP_SDIRS: 
-$	D = F$ELEMENT(I, ",", SDIRS)
-$	I = I + 1
-$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$	WRITE SYS$OUTPUT "Installing ",D," files."
-$	SET DEFAULT [.'D']
-$	@INSTALL 'ROOT']
-$	SET DEFAULT [-]
-$	GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
-$
-$	WRITE SYS$OUTPUT ""
-$	WRITE SYS$OUTPUT "	Installation done!"
-$	WRITE SYS$OUTPUT ""
-$	WRITE SYS$OUTPUT "	You might want to purge ",ROOT,"...]"
-$	WRITE SYS$OUTPUT ""
-$
-$ TIDY:
-$	SET DEFAULT 'DEF_ORIG'
-$
-$	DEASSIGN WRK_SSLROOT
-$	DEASSIGN WRK_SSLXLIB
-$	DEASSIGN WRK_SSLLIB
-$	DEASSIGN WRK_SSLINCLUDE
-$	DEASSIGN WRK_SSLXEXE
-$	DEASSIGN WRK_SSLCERTS
-$	DEASSIGN WRK_SSLPRIVATE
-$
-$	EXIT
+$ write sys$output "   Installing to (WRK_SSLROOT) ="
+$ write sys$output "    ''f$trnlnm( "wrk_sslroot")'"
+$ write sys$output ""
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslxexe:") .eqs. "" then -
+   create /directory /log wrk_sslxexe:
+$ if f$parse("wrk_sslxlib:") .eqs. "" then -
+   create /directory /log wrk_sslxlib:
+$ if f$parse("wrk_ssllib:") .eqs. "" then -
+   create /directory /log wrk_ssllib:
+$ if f$parse("wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse("wrk_sslcerts:") .eqs. "" then -
+   create /directory /log wrk_sslcerts:
+$ if f$parse("wrk_sslprivate:") .eqs. "" then -
+   create /directory /log wrk_sslprivate:
+$ if f$parse("wrk_sslroot:[VMS]") .EQS. "" THEN -
+   create /directory /log wrk_sslroot:[VMS]
+$!
+$ sdirs := CRYPTO, SSL, APPS, VMS !!!, RSAREF, TEST, TOOLS
+$ exheader := e_os2.h
+$!
+$ copy /protection = w:re 'exheader' wrk_sslinclude: /log
+$!
+$ i = 0
+$ loop_sdirs: 
+$   d = f$edit( f$element(i, ",", sdirs), "trim")
+$   i = i + 1
+$   if d .eqs. "," then goto loop_sdirs_end
+$   write sys$output "Installing ", d, " files."
+$   set default [.'d']
+$   @ install-'d'.com 'root'] 'p2'
+$   set default 'def_orig'
+$ goto loop_sdirs
+$ loop_sdirs_end:
+$!
+$ write sys$output ""
+$ write sys$output "	Installation done!"
+$ write sys$output ""
+$ if (f$search( root+ "...]*.*;-1") .nes. "")
+$ then
+$   write sys$output "	You might want to purge ", root, "...]"
+$   write sys$output ""
+$ endif
+$!
+$ tidy:
+$!
+$ set default 'def_orig'
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslcerts
+$ call deass wrk_sslinclude
+$ call deass wrk_ssllib
+$ call deass wrk_sslprivate
+$ call deass wrk_sslxexe
+$ call deass wrk_sslxlib
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!
diff --git a/openssl/makevms.com b/openssl/makevms.com
index 8c59c67ca..eb22f20db 100644
--- a/openssl/makevms.com
+++ b/openssl/makevms.com
@@ -15,7 +15,7 @@ $! The "xxx" denotes the machine architecture of ALPHA, IA64 or VAX.
 $!
 $! This procedures accepts two command line options listed below.
 $!
-$! Specify one of the following build options for P1.
+$! P1 specifies one of the following build options:
 $!
 $!      ALL       Just build "everything".
 $!      CONFIG    Just build the "[.CRYPTO._xxx]OPENSSLCONF.H" file.
@@ -31,19 +31,21 @@ $!      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
 $!      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
 $!      ENGINES   Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL.
 $!
+$! P2, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
 $!
-$! For 64 bit architectures (Alpha and IA64), specify the pointer size as P2.
-$! For 32 bit architectures (VAX), P2 is ignored.
-$! Currently supported values are:
+$!      ""       Compile with default (/NOPOINTER_SIZE).
+$!      32       Compile with /POINTER_SIZE=32 (SHORT).
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV]).
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
 $!
-$!	32	To ge a library compiled with /POINTER_SIZE=32
-$!	64	To ge a library compiled with /POINTER_SIZE=64
+$! P3 specifies DEBUG or NODEBUG, to compile with or without debugging
+$!    information.
 $!
-$!
-$! Specify DEBUG or NODEBUG as P3 to compile with or without debugging
-$! information.
-$!
-$! Specify which compiler as P4 to try to compile under.
+$! P4 specifies which compiler to try to compile under.
 $!
 $!	  VAXC	 For VAX C.
 $!	  DECC	 For DEC C.
@@ -65,8 +67,18 @@ $!	NONE		to avoid specifying which TCP/IP implementation to
 $!			use at build time (this works with DEC C).  This is
 $!			the default.
 $!
-$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up).
+$!
+$! P7, if defined, specifies a directory where ZLIB files (zlib.h,
+$! libz.olb) may be found.  Optionally, a non-default object library
+$! name may be included ("dev:[dir]libz_64.olb", for example).
+$!
 $!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
 $!
 $ DEF_ORIG = F$ENVIRONMENT( "DEFAULT")
 $ ON ERROR THEN GOTO TIDY
@@ -104,6 +116,10 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ POINTER_SIZE = ""
+$!
 $! Get VMS version.
 $!
 $ VMS_VERSION = f$edit( f$getsyi( "VERSION"), "TRIM")
@@ -178,12 +194,12 @@ $ CONFIG:
 $!
 $! Tell The User We Are Creating The [.CRYPTO._xxx]OPENSSLCONF.H File.
 $!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']OPENSSLCONF.H Include File."
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']OPENSSLCONF.H Include File."
 $!
 $! First, make sure the directory exists.
 $!
-$ IF F$PARSE("SYS$DISK:[.CRYPTO._''ARCH']") .EQS. "" THEN -
-     CREATE/DIRECTORY SYS$DISK:[.CRYPTO._'ARCH']
+$ IF F$PARSE("SYS$DISK:[.CRYPTO.''ARCHD']") .EQS. "" THEN -
+     CREATE/DIRECTORY SYS$DISK:[.CRYPTO.'ARCHD']
 $!
 $! Different tar/UnZip versions/option may have named the file differently
 $ IF F$SEARCH("[.crypto]opensslconf.h_in") .NES. ""
@@ -209,7 +225,7 @@ $!
 $! Create The [.CRYPTO._xxx]OPENSSLCONF.H File.
 $! Make sure it has the right format.
 $!
-$ OSCH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']OPENSSLCONF.H"
+$ OSCH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']OPENSSLCONF.H"
 $ CREATE /FDL=SYS$INPUT: 'OSCH_NAME'
 RECORD
         FORMAT stream_lf
@@ -228,7 +244,7 @@ $ WRITE H_FILE "# define OPENSSL_SYS_VMS"
 $ WRITE H_FILE "#endif"
 $
 $! One of the best way to figure out what the list should be is to do
-$! the followin on a Unix system:
+$! the following on a Unix system:
 $!   grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq
 $! For that reason, the list will also always end up in alphabetical order
 $ CONFIG_LOGICALS := AES,-
@@ -326,7 +342,7 @@ $
 $! Architecture specific rule addtions
 $ IF ARCH .EQS. "VAX"
 $ THEN
-$   ! Disable algorithms that require 64 bit integers in C
+$   ! Disable algorithms that require 64-bit integers in C
 $   CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + -
 			   ";/GOST" + -
 			   ";/WHIRLPOOL"
@@ -355,7 +371,8 @@ $
 $! Apply cascading disable rules
 $ CONFIG_DISABLE_I = 0
 $ CONFIG_DISABLE_LOOP0:
-$   CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";",CONFIG_DISABLE_RULES),"TRIM")
+$   CONFIG_DISABLE_E = F$EDIT(F$ELEMENT(CONFIG_DISABLE_I,";", -
+     CONFIG_DISABLE_RULES),"TRIM")
 $   CONFIG_DISABLE_I = CONFIG_DISABLE_I + 1
 $   IF CONFIG_DISABLE_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP0
 $   IF CONFIG_DISABLE_E .EQS. ";" THEN GOTO CONFIG_DISABLE_LOOP0_END
@@ -365,7 +382,8 @@ $   CONFIG_DISABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_DISABLE_E),"TRIM")
 $   TO_DISABLE := YES
 $   CONFIG_ALGO_I = 0
 $   CONFIG_DISABLE_LOOP1:
-$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_DISABLE_ALGOS),"TRIM")
+$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", -
+       CONFIG_DISABLE_ALGOS),"TRIM")
 $     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
 $     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP1
 $     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP1_END
@@ -382,7 +400,8 @@ $   IF TO_DISABLE
 $   THEN
 $     CONFIG_DEPENDENT_I = 0
 $     CONFIG_DISABLE_LOOP2:
-$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_DISABLE_DEPENDENTS),"TRIM")
+$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", -
+         CONFIG_DISABLE_DEPENDENTS),"TRIM")
 $	CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
 $	IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_DISABLE_LOOP2
 $	IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_DISABLE_LOOP2_END
@@ -390,7 +409,8 @@ $       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES
 $       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO
 $	! Better not to assume defaults at this point...
 $	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
-$	WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
+$	WRITE SYS$ERROR -
+         "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'"
 $	GOTO CONFIG_DISABLE_LOOP2
 $     CONFIG_DISABLE_LOOP2_END:
 $   ENDIF
@@ -400,7 +420,8 @@ $
 $! Apply cascading enable rules
 $ CONFIG_ENABLE_I = 0
 $ CONFIG_ENABLE_LOOP0:
-$   CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";",CONFIG_ENABLE_RULES),"TRIM")
+$   CONFIG_ENABLE_E = F$EDIT(F$ELEMENT(CONFIG_ENABLE_I,";", -
+     CONFIG_ENABLE_RULES),"TRIM")
 $   CONFIG_ENABLE_I = CONFIG_ENABLE_I + 1
 $   IF CONFIG_ENABLE_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP0
 $   IF CONFIG_ENABLE_E .EQS. ";" THEN GOTO CONFIG_ENABLE_LOOP0_END
@@ -410,7 +431,8 @@ $   CONFIG_ENABLE_DEPENDENTS = F$EDIT(F$ELEMENT(1,"/",CONFIG_ENABLE_E),"TRIM")
 $   TO_ENABLE := YES
 $   CONFIG_ALGO_I = 0
 $   CONFIG_ENABLE_LOOP1:
-$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",",CONFIG_ENABLE_ALGOS),"TRIM")
+$     CONFIG_ALGO_E = F$EDIT(F$ELEMENT(CONFIG_ALGO_I,",", -
+       CONFIG_ENABLE_ALGOS),"TRIM")
 $     CONFIG_ALGO_I = CONFIG_ALGO_I + 1
 $     IF CONFIG_ALGO_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP1
 $     IF CONFIG_ALGO_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP1_END
@@ -427,7 +449,8 @@ $   IF TO_ENABLE
 $   THEN
 $     CONFIG_DEPENDENT_I = 0
 $     CONFIG_ENABLE_LOOP2:
-$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",",CONFIG_ENABLE_DEPENDENTS),"TRIM")
+$	CONFIG_DEPENDENT_E = F$EDIT(F$ELEMENT(CONFIG_DEPENDENT_I,",", -
+         CONFIG_ENABLE_DEPENDENTS),"TRIM")
 $	CONFIG_DEPENDENT_I = CONFIG_DEPENDENT_I + 1
 $	IF CONFIG_DEPENDENT_E .EQS. "" THEN GOTO CONFIG_ENABLE_LOOP2
 $	IF CONFIG_DEPENDENT_E .EQS. "," THEN GOTO CONFIG_ENABLE_LOOP2_END
@@ -435,7 +458,8 @@ $       CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO
 $       CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES
 $	! Better not to assume defaults at this point...
 $	CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES
-$	WRITE SYS$ERROR "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
+$	WRITE SYS$ERROR -
+         "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'"
 $	GOTO CONFIG_ENABLE_LOOP2
 $     CONFIG_ENABLE_LOOP2_END:
 $   ENDIF
@@ -465,6 +489,17 @@ $   ENDIF
 $   GOTO CONFIG_LOG_LOOP2
 $ CONFIG_LOG_LOOP2_END:
 $!
+$ WRITE H_FILE ""
+$ WRITE H_FILE "/* 2011-02-23 SMS."
+$ WRITE H_FILE " * On VMS (V8.3), setvbuf() doesn't support a 64-bit"
+$ WRITE H_FILE " * ""in"" pointer, and the help says:"
+$ WRITE H_FILE " *       Please note that the previously documented"
+$ WRITE H_FILE " *       value _IONBF is not supported."
+$ WRITE H_FILE " * So, skip it on VMS."
+$ WRITE H_FILE " */"
+$ WRITE H_FILE "#define OPENSSL_NO_SETVBUF_IONBF"
+$ WRITE H_FILE ""
+$!
 $! Add in the common "crypto/opensslconf.h.in".
 $!
 $ TYPE 'OPENSSLCONF_H_IN' /OUTPUT=H_FILE:
@@ -557,7 +592,7 @@ $ CLOSE H_FILE
 $!
 $! Purge The [.CRYPTO._xxx]OPENSSLCONF.H file
 $!
-$ PURGE SYS$DISK:[.CRYPTO._'ARCH']OPENSSLCONF.H
+$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']OPENSSLCONF.H
 $!
 $! That's All, Time To RETURN.
 $!
@@ -569,11 +604,11 @@ $ BUILDINF:
 $!
 $! Tell The User We Are Creating The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ WRITE SYS$OUTPUT "Creating [.CRYPTO._''ARCH']BUILDINF.H Include File."
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO.''ARCHD']BUILDINF.H Include File."
 $!
 $! Create The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ BIH_NAME = "SYS$DISK:[.CRYPTO._''ARCH']BUILDINF.H"
+$ BIH_NAME = "SYS$DISK:[.CRYPTO.''ARCHD']BUILDINF.H"
 $ CREATE /FDL=SYS$INPUT: 'BIH_NAME'
 RECORD
         FORMAT stream_lf
@@ -586,8 +621,19 @@ $ TIME = F$TIME()
 $!
 $! Write The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ WRITE H_FILE "#define CFLAGS ""/POINTER_SIZE=''POINTER_SIZE'"""
-$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCH' ''VMS_VERSION'"""
+$ CFLAGS = ""
+$ if (POINTER_SIZE .nes. "")
+$ then
+$   CFLAGS = CFLAGS+ "/POINTER_SIZE=''POINTER_SIZE'"
+$ endif
+$ if (ZLIB .nes. "")
+$ then
+$   if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " "
+$   CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
+$ endif
+$! 
+$ WRITE H_FILE "#define CFLAGS ""''CFLAGS'"""
+$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCHD' ''VMS_VERSION'"""
 $ WRITE H_FILE "#define DATE ""''TIME'"" "
 $!
 $! Close The [.CRYPTO._xxx]BUILDINF.H File.
@@ -596,7 +642,7 @@ $ CLOSE H_FILE
 $!
 $! Purge The [.CRYPTO._xxx]BUILDINF.H File.
 $!
-$ PURGE SYS$DISK:[.CRYPTO._'ARCH']BUILDINF.H
+$ PURGE SYS$DISK:[.CRYPTO.'ARCHD']BUILDINF.H
 $!
 $! Delete [.CRYPTO]BUILDINF.H File, as there might be some residue from Unix.
 $!
@@ -611,44 +657,58 @@ $! Copy a lot of files around.
 $!
 $ SOFTLINKS: 
 $!
-$! Tell The User We Are Partly Rebuilding The [.APPS] Directory.
-$!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."
-$!
-$ DELETE SYS$DISK:[.APPS]MD4.C;*
-$!
-$! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
-$!
-$ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
-$!
-$! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory.
-$!
-$ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory."
-$!
-$! First, make sure the directory exists
-$!
-$ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN -
-     CREATE/DIRECTORY SYS$DISK:[.INCLUDE.OPENSSL]
+$!!!! Tell The User We Are Partly Rebuilding The [.APPS] Directory.
+$!!!!
+$!!! WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C' File."
+$!!!!
+$!!! DELETE SYS$DISK:[.APPS]MD4.C;*
+$!!!!
+$!!!! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
+$!!!!
+$!!! COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
+$!
+$! Ensure that the [.include.openssl] directory contains a full set of
+$! real header files.  The distribution kit may have left real or fake
+$! symlinks there.  Rather than think about what's there, simply delete
+$! the destination files (fake or real symlinks) before copying the real
+$! header files in.  (Copying a real header file onto a real symlink
+$! merely duplicates the real header file at its source.)
+$!
+$! Tell The User We Are Rebuilding The [.include.openssl] Directory.
+$!
+$ WRITE SYS$OUTPUT "Rebuilding The '[.include.openssl]' Directory."
+$!
+$! First, make sure the directory exists.  If it did exist, delete all
+$! the existing header files (or fake or real symlinks).
+$!
+$ if f$parse( "sys$disk:[.include.openssl]") .eqs. ""
+$ then
+$   create /directory sys$disk:[.include.openssl]
+$ else
+$   delete sys$disk:[.include.openssl]*.h;*
+$ endif
 $!
 $! Copy All The ".H" Files From The Main Directory.
 $!
 $ EXHEADER := e_os2.h
-$ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$ copy 'exheader' sys$disk:[.include.openssl]
 $!
 $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
 $!
-$ SDIRS := ,-
-   _'ARCH',-
-   OBJECTS,-
-   MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,WHRLPOOL,-
-   DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,-
-   BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,-
-   BUFFER,BIO,STACK,LHASH,RAND,ERR,-
-   EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,-
-   STORE,CMS,PQUEUE,TS,JPAKE
-$ EXHEADER_ := crypto.h,opensslv.h,ebcdic.h,symhacks.h,ossl_typ.h
-$ EXHEADER__'ARCH' := opensslconf.h
-$ EXHEADER_OBJECTS := objects.h,obj_mac.h
+$ SDIRS := , -
+   'ARCHD', -
+   OBJECTS, -
+   MD2, MD4, MD5, SHA, MDC2, HMAC, RIPEMD, WHRLPOOL, -
+   DES, AES, RC2, RC4, RC5, IDEA, BF, CAST, CAMELLIA, SEED, MODES, -
+   BN, EC, RSA, DSA, ECDSA, DH, ECDH, DSO, ENGINE, -
+   BUFFER, BIO, STACK, LHASH, RAND, ERR, -
+   EVP, ASN1, PEM, X509, X509V3, CONF, TXT_DB, PKCS7, PKCS12, -
+   COMP, OCSP, UI, KRB5, -
+   STORE, CMS, PQUEUE, TS, JPAKE
+$!
+$ EXHEADER_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
+$ EXHEADER_'ARCHD' := opensslconf.h
+$ EXHEADER_OBJECTS := objects.h, obj_mac.h
 $ EXHEADER_MD2 := md2.h
 $ EXHEADER_MD4 := md4.h
 $ EXHEADER_MD5 := md5.h
@@ -657,7 +717,7 @@ $ EXHEADER_MDC2 := mdc2.h
 $ EXHEADER_HMAC := hmac.h
 $ EXHEADER_RIPEMD := ripemd.h
 $ EXHEADER_WHRLPOOL := whrlpool.h
-$ EXHEADER_DES := des.h,des_old.h
+$ EXHEADER_DES := des.h, des_old.h
 $ EXHEADER_AES := aes.h
 $ EXHEADER_RC2 := rc2.h
 $ EXHEADER_RC4 := rc4.h
@@ -679,66 +739,64 @@ $ EXHEADER_DSO := dso.h
 $ EXHEADER_ENGINE := engine.h
 $ EXHEADER_BUFFER := buffer.h
 $ EXHEADER_BIO := bio.h
-$ EXHEADER_STACK := stack.h,safestack.h
+$ EXHEADER_STACK := stack.h, safestack.h
 $ EXHEADER_LHASH := lhash.h
 $ EXHEADER_RAND := rand.h
 $ EXHEADER_ERR := err.h
 $ EXHEADER_EVP := evp.h
-$ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
-$ EXHEADER_PEM := pem.h,pem2.h
-$ EXHEADER_X509 := x509.h,x509_vfy.h
+$ EXHEADER_ASN1 := asn1.h, asn1_mac.h, asn1t.h
+$ EXHEADER_PEM := pem.h, pem2.h
+$ EXHEADER_X509 := x509.h, x509_vfy.h
 $ EXHEADER_X509V3 := x509v3.h
-$ EXHEADER_CONF := conf.h,conf_api.h
+$ EXHEADER_CONF := conf.h, conf_api.h
 $ EXHEADER_TXT_DB := txt_db.h
 $ EXHEADER_PKCS7 := pkcs7.h
 $ EXHEADER_PKCS12 := pkcs12.h
 $ EXHEADER_COMP := comp.h
 $ EXHEADER_OCSP := ocsp.h
-$ EXHEADER_UI := ui.h,ui_compat.h
+$ EXHEADER_UI := ui.h, ui_compat.h
 $ EXHEADER_KRB5 := krb5_asn.h
-$!EXHEADER_STORE := store.h,str_compat.h
+$!!! EXHEADER_STORE := store.h, str_compat.h
 $ EXHEADER_STORE := store.h
 $ EXHEADER_CMS := cms.h
 $ EXHEADER_PQUEUE := pqueue.h
 $ EXHEADER_TS := ts.h
 $ EXHEADER_JPAKE := jpake.h
-$
-$ I = 0
-$ LOOP_SDIRS: 
-$ D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
-$ I = I + 1
-$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
-$ tmp = EXHEADER_'D'
-$ IF D .EQS. ""
-$ THEN
-$   COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
-$ ELSE
-$   COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
-$ ENDIF
-$ GOTO LOOP_SDIRS
-$ LOOP_SDIRS_END:
+$!
+$ i = 0
+$ loop_sdirs:
+$   sdir = f$edit( f$element( i, ",", sdirs), "trim")
+$   i = i + 1
+$   if (sdir .eqs. ",") then goto loop_sdirs_end
+$   hdr_list = exheader_'sdir'
+$   if (sdir .nes. "") then sdir = "."+ sdir
+$   copy [.crypto'sdir']'hdr_list' sys$disk:[.include.openssl]
+$ goto loop_sdirs
+$ loop_sdirs_end:
 $!
 $! Copy All The ".H" Files From The [.SSL] Directory.
 $!
-$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
-$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$! (keep these in the same order as ssl/Makefile)
+$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl]
 $!
-$! Purge all doubles
+$! Purge the [.include.openssl] header files.
 $!
-$ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H
+$ purge sys$disk:[.include.openssl]*.h
 $!
 $! That's All, Time To RETURN.
 $!
 $ RETURN
 $!
-$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO''LIB32'.OLB" Library.
+$! Build The "[.xxx.EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB" Library.
 $!
 $ CRYPTO:
 $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO''LIB32'.OLB Library."
+$ WRITE SYS$OUTPUT -
+   "Building The [.",ARCHD,".EXE.CRYPTO]SSL_LIBCRYPTO''LIB32'.OLB Library."
 $!
 $! Go To The [.CRYPTO] Directory.
 $!
@@ -746,11 +804,13 @@ $ SET DEFAULT SYS$DISK:[.CRYPTO]
 $!
 $! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
 $!  
-$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'"
+$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
 $!  
-$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'"
+$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -760,14 +820,15 @@ $! Time To RETURN.
 $!
 $ RETURN
 $!
-$! Build The "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library.
+$! Build The "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library.
 $!
 $ SSL:
 $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL''LIB32'.OLB Library."
+$ WRITE SYS$OUTPUT -
+   "Building The [.",ARCHD,".EXE.SSL]SSL_LIBSSL''LIB32'.OLB Library."
 $!
 $! Go To The [.SSL] Directory.
 $!
@@ -775,7 +836,8 @@ $ SET DEFAULT SYS$DISK:[.SSL]
 $!
 $! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
 $!
-$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'"
+$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -792,7 +854,8 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building DECNet Based SSL Engine, [.",ARCH,".EXE.SSL]SSL_TASK.EXE"
+$ WRITE SYS$OUTPUT -
+   "Building DECNet Based SSL Engine, [.",ARCHD,".EXE.SSL]SSL_TASK.EXE"
 $!
 $! Go To The [.SSL] Directory.
 $!
@@ -800,7 +863,8 @@ $ SET DEFAULT SYS$DISK:[.SSL]
 $!
 $! Build The [.xxx.EXE.SSL]SSL_TASK.EXE
 $!
-$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'"
+$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -817,7 +881,7 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCH,".EXE.TEST] Test Utilities."
+$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCHD,".EXE.TEST] Test Utilities."
 $!
 $! Go To The [.TEST] Directory.
 $!
@@ -825,7 +889,8 @@ $ SET DEFAULT SYS$DISK:[.TEST]
 $!
 $! Build The Test Programs.
 $!
-$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''POINTER_SIZE'"
+$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" -
+   "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -842,7 +907,7 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.APPS] Applications."
+$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.APPS] Applications."
 $!
 $! Go To The [.APPS] Directory.
 $!
@@ -850,7 +915,8 @@ $ SET DEFAULT SYS$DISK:[.APPS]
 $!
 $! Build The Application Programs.
 $!
-$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "" "''POINTER_SIZE'"
+$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" -
+   "" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -867,7 +933,7 @@ $!
 $! Tell The User What We Are Doing.
 $!
 $ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.ENGINES] Engines."
+$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCHD,".EXE.ENGINES] Engines."
 $!
 $! Go To The [.ENGINES] Directory.
 $!
@@ -875,7 +941,8 @@ $ SET DEFAULT SYS$DISK:[.ENGINES]
 $!
 $! Build The Application Programs.
 $!
-$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'"
+$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" -
+   "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'"
 $!
 $! Go Back To The Main Directory.
 $!
@@ -954,8 +1021,8 @@ $     WRITE SYS$OUTPUT "    ENGINES  :  To Build Just The ENGINES"
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -971,55 +1038,51 @@ $! End The P1 Check.
 $!
 $ ENDIF
 $!
-$! Check To See If P2 Is Blank.
+$! Check P2 (POINTER_SIZE).
 $!
-$ IF (P2.EQS."")
+$ IF (P2 .NES. "") .AND. (ARCH .NES. "VAX")
 $ THEN
-$   POINTER_SIZE = ""
-$ ELSE
-$!
-$!  Check is P2 Is Valid
 $!
-$   IF (P2.EQS."32")
+$   IF (P2 .EQS. "32")
 $   THEN
 $     POINTER_SIZE = "32"
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$       LIB32 = ""
-$     ELSE
-$       LIB32 = "32"
-$     ENDIF
 $   ELSE
-$     IF (P2.EQS."64")
+$     POINTER_SIZE = F$EDIT( P2, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
 $     THEN
+$       ARCHD = ARCH+ "_64"
 $       LIB32 = ""
-$       IF ARCH .EQS. "VAX"
-$       THEN
-$         POINTER_SIZE = "32"
-$       ELSE
-$         POINTER_SIZE = "64"
-$       ENDIF
 $     ELSE
 $!
-$!      Tell The User Entered An Invalid Option..
+$!      Tell The User Entered An Invalid Option.
 $!
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT "The Option ", P2, -
+         " Is Invalid.  The Valid Options Are:"
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "    32  :  Compile with 32 bit pointer size"
-$       WRITE SYS$OUTPUT "    64  :  Compile with 64 bit pointer size"
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
 $       WRITE SYS$OUTPUT ""
-$!
+$! 
 $!      Time To EXIT.
 $!
 $       GOTO TIDY
 $!
-$!      End The Valid Arguement Check.
-$!
 $     ENDIF
+$!
 $   ENDIF
 $!
-$! End The P2 Check.
+$! End The P2 (POINTER_SIZE) Check.
 $!
 $ ENDIF
 $!
@@ -1049,7 +1112,7 @@ $!  Else...
 $!
 $   ELSE
 $!
-$!    Tell The User Entered An Invalid Option..
+$!    Tell The User Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
@@ -1128,7 +1191,7 @@ $! Else...
 $!
 $ ELSE
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK")
 $   THEN
@@ -1227,7 +1290,8 @@ $! End The P4 Check.
 $!
 $ ENDIF
 $!
-$! Time to check the contents of P5, and to make sure we get the correct library.
+$! Time to check the contents of P5, and to make sure we get the correct
+$! library.
 $!
 $ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" -
      .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE"
@@ -1240,7 +1304,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Tell the user
 $!
@@ -1274,7 +1338,7 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Tell the user
 $!
@@ -1291,7 +1355,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Tell the user
 $!
@@ -1401,11 +1465,69 @@ $! End The P6 Check.
 $!
 $ ENDIF
 $!
+$!
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P7
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     GOTO TIDY
+$   endif
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
 $!  Time To RETURN...
 $!
 $ RETURN
 $!
 $ TIDY:
+$!
+$! Close any open files.
+$!
+$ if (f$trnlnm( "h_file", "LNM$PROCESS", 0, "SUPERVISOR") .nes. "") then -
+   close h_file
+$!
+$! Restore the original default device:[directory].
+$!
 $ SET DEFAULT 'DEF_ORIG'
+$!
 $ EXIT
 $!
diff --git a/openssl/ms/uplink.c b/openssl/ms/uplink.c
index 7b7da08d4..6d59cb1f8 100644
--- a/openssl/ms/uplink.c
+++ b/openssl/ms/uplink.c
@@ -40,7 +40,8 @@ void OPENSSL_Uplink (volatile void **table, int index)
      * should be sufficient [it prohibits compiler to reorder memory
      * access instructions]. */
     do {
-	len = _stprintf (msg,_T("OPENSSL_Uplink(%p,%02X): "),table,index);
+	len = _sntprintf (msg,sizeof(msg)/sizeof(TCHAR),
+			  _T("OPENSSL_Uplink(%p,%02X): "),table,index);
 	_tcscpy (msg+len,_T("unimplemented function"));
 
 	if ((h=apphandle)==NULL)
diff --git a/openssl/openssl.spec b/openssl/openssl.spec
index bcfb32612..e4db87553 100644
--- a/openssl/openssl.spec
+++ b/openssl/openssl.spec
@@ -2,7 +2,7 @@
 %define libmaj 1
 %define libmin 0
 %define librel 0
-%define librev d
+%define librev e
 Release: 1
 
 %define openssldir /var/ssl
diff --git a/openssl/ssl/bio_ssl.c b/openssl/ssl/bio_ssl.c
index af319af30..eedac8a3f 100644
--- a/openssl/ssl/bio_ssl.c
+++ b/openssl/ssl/bio_ssl.c
@@ -348,7 +348,11 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 		break;
 	case BIO_C_SET_SSL:
 		if (ssl != NULL)
+			{
 			ssl_free(b);
+			if (!ssl_new(b))
+				return 0;
+			}
 		b->shutdown=(int)num;
 		ssl=(SSL *)ptr;
 		((BIO_SSL *)b->ptr)->ssl=ssl;
diff --git a/openssl/ssl/d1_both.c b/openssl/ssl/d1_both.c
index 4ce4064cc..2180c6d4d 100644
--- a/openssl/ssl/d1_both.c
+++ b/openssl/ssl/d1_both.c
@@ -153,7 +153,7 @@
 #endif
 
 static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[]   = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
+static unsigned char bitmask_end_values[]   = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
 
 /* XDTLS:  figure out the right values */
 static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
@@ -464,20 +464,9 @@ again:
 
 	memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
 
-	s->d1->handshake_read_seq++;
-	/* we just read a handshake message from the other side:
-	 * this means that we don't need to retransmit of the
-	 * buffered messages.  
-	 * XDTLS: may be able clear out this
-	 * buffer a little sooner (i.e if an out-of-order
-	 * handshake message/record is received at the record
-	 * layer.  
-	 * XDTLS: exception is that the server needs to
-	 * know that change cipher spec and finished messages
-	 * have been received by the client before clearing this
-	 * buffer.  this can simply be done by waiting for the
-	 * first data  segment, but is there a better way?  */
-	dtls1_clear_record_buffer(s);
+	/* Don't change sequence numbers while listening */
+	if (!s->d1->listen)
+		s->d1->handshake_read_seq++;
 
 	s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
 	return s->init_num;
@@ -813,9 +802,11 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
 
 	/* 
 	 * if this is a future (or stale) message it gets buffered
-	 * (or dropped)--no further processing at this time 
+	 * (or dropped)--no further processing at this time
+	 * While listening, we accept seq 1 (ClientHello with cookie)
+	 * although we're still expecting seq 0 (ClientHello)
 	 */
-	if ( msg_hdr.seq != s->d1->handshake_read_seq)
+	if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
 		return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
 
 	len = msg_hdr.msg_len;
@@ -1322,7 +1313,8 @@ unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
 			unsigned long len, unsigned long frag_off, unsigned long frag_len)
 	{
-	if ( frag_off == 0)
+	/* Don't change sequence numbers while listening */
+	if (frag_off == 0 && !s->d1->listen)
 		{
 		s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
 		s->d1->next_handshake_write_seq++;
diff --git a/openssl/ssl/d1_clnt.c b/openssl/ssl/d1_clnt.c
index 5bc9eb660..089fa4c7f 100644
--- a/openssl/ssl/d1_clnt.c
+++ b/openssl/ssl/d1_clnt.c
@@ -407,7 +407,8 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CW_CHANGE_A:
 		case SSL3_ST_CW_CHANGE_B:
-			dtls1_start_timer(s);
+			if (!s->hit)
+				dtls1_start_timer(s);
 			ret=dtls1_send_change_cipher_spec(s,
 				SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
 			if (ret <= 0) goto end;
@@ -442,7 +443,8 @@ int dtls1_connect(SSL *s)
 
 		case SSL3_ST_CW_FINISHED_A:
 		case SSL3_ST_CW_FINISHED_B:
-			dtls1_start_timer(s);
+			if (!s->hit)
+				dtls1_start_timer(s);
 			ret=dtls1_send_finished(s,
 				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
 				s->method->ssl3_enc->client_finished_label,
diff --git a/openssl/ssl/d1_lib.c b/openssl/ssl/d1_lib.c
index 96b220e87..48e8b6ffb 100644
--- a/openssl/ssl/d1_lib.c
+++ b/openssl/ssl/d1_lib.c
@@ -129,26 +129,33 @@ int dtls1_new(SSL *s)
 	return(1);
 	}
 
-void dtls1_free(SSL *s)
+static void dtls1_clear_queues(SSL *s)
 	{
     pitem *item = NULL;
     hm_fragment *frag = NULL;
-
-	ssl3_free(s);
+	DTLS1_RECORD_DATA *rdata;
 
     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
         {
+		rdata = (DTLS1_RECORD_DATA *) item->data;
+		if (rdata->rbuf.buf)
+			{
+			OPENSSL_free(rdata->rbuf.buf);
+			}
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->unprocessed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
         {
+		rdata = (DTLS1_RECORD_DATA *) item->data;
+		if (rdata->rbuf.buf)
+			{
+			OPENSSL_free(rdata->rbuf.buf);
+			}
         OPENSSL_free(item->data);
         pitem_free(item);
         }
-    pqueue_free(s->d1->processed_rcds.q);
 
     while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
         {
@@ -157,7 +164,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-    pqueue_free(s->d1->buffered_messages);
 
     while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
         {
@@ -166,7 +172,6 @@ void dtls1_free(SSL *s)
         OPENSSL_free(frag);
         pitem_free(item);
         }
-	pqueue_free(s->d1->sent_messages);
 
 	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
 		{
@@ -175,6 +180,18 @@ void dtls1_free(SSL *s)
 		OPENSSL_free(frag);
 		pitem_free(item);
 		}
+	}
+
+void dtls1_free(SSL *s)
+	{
+	ssl3_free(s);
+
+	dtls1_clear_queues(s);
+
+    pqueue_free(s->d1->unprocessed_rcds.q);
+    pqueue_free(s->d1->processed_rcds.q);
+    pqueue_free(s->d1->buffered_messages);
+	pqueue_free(s->d1->sent_messages);
 	pqueue_free(s->d1->buffered_app_data.q);
 
 	OPENSSL_free(s->d1);
@@ -182,6 +199,36 @@ void dtls1_free(SSL *s)
 
 void dtls1_clear(SSL *s)
 	{
+    pqueue unprocessed_rcds;
+    pqueue processed_rcds;
+    pqueue buffered_messages;
+	pqueue sent_messages;
+	pqueue buffered_app_data;
+	
+	if (s->d1)
+		{
+		unprocessed_rcds = s->d1->unprocessed_rcds.q;
+		processed_rcds = s->d1->processed_rcds.q;
+		buffered_messages = s->d1->buffered_messages;
+		sent_messages = s->d1->sent_messages;
+		buffered_app_data = s->d1->buffered_app_data.q;
+
+		dtls1_clear_queues(s);
+
+		memset(s->d1, 0, sizeof(*(s->d1)));
+
+		if (s->server)
+			{
+			s->d1->cookie_len = sizeof(s->d1->cookie);
+			}
+
+		s->d1->unprocessed_rcds.q = unprocessed_rcds;
+		s->d1->processed_rcds.q = processed_rcds;
+		s->d1->buffered_messages = buffered_messages;
+		s->d1->sent_messages = sent_messages;
+		s->d1->buffered_app_data.q = buffered_app_data;
+		}
+
 	ssl3_clear(s);
 	if (s->options & SSL_OP_CISCO_ANYCONNECT)
 		s->version=DTLS1_BAD_VER;
@@ -330,6 +377,8 @@ void dtls1_stop_timer(SSL *s)
 	memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
 	s->d1->timeout_duration = 1;
 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
+	/* Clear retransmission buffer */
+	dtls1_clear_record_buffer(s);
 	}
 
 int dtls1_handle_timeout(SSL *s)
@@ -349,7 +398,7 @@ int dtls1_handle_timeout(SSL *s)
 		{
 		/* fail the connection, enough alerts have been sent */
 		SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
-		return 0;
+		return -1;
 		}
 
 	state->timeout.read_timeouts++;
diff --git a/openssl/ssl/d1_pkt.c b/openssl/ssl/d1_pkt.c
index c10514222..39aac73e1 100644
--- a/openssl/ssl/d1_pkt.c
+++ b/openssl/ssl/d1_pkt.c
@@ -409,13 +409,13 @@ dtls1_process_record(SSL *s)
 	enc_err = s->method->ssl3_enc->enc(s,0);
 	if (enc_err <= 0)
 		{
-		if (enc_err == 0)
-			/* SSLerr() and ssl3_send_alert() have been called */
-			goto err;
-
-		/* otherwise enc_err == -1 */
-		al=SSL_AD_BAD_RECORD_MAC;
-		goto f_err;
+		/* decryption failed, silently discard message */
+		if (enc_err < 0)
+			{
+			rr->length = 0;
+			s->packet_length = 0;
+			}
+		goto err;
 		}
 
 #ifdef TLS_DEBUG
@@ -658,10 +658,12 @@ again:
 
 	/* If this record is from the next epoch (either HM or ALERT),
 	 * and a handshake is currently in progress, buffer it since it
-	 * cannot be processed at this time. */
+	 * cannot be processed at this time. However, do not buffer
+	 * anything while listening.
+	 */
 	if (is_next_epoch)
 		{
-		if (SSL_in_init(s) || s->in_handshake)
+		if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
 			{
 			dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
 			}
diff --git a/openssl/ssl/d1_srvr.c b/openssl/ssl/d1_srvr.c
index 301ceda7a..a6a4c87ea 100644
--- a/openssl/ssl/d1_srvr.c
+++ b/openssl/ssl/d1_srvr.c
@@ -150,6 +150,7 @@ int dtls1_accept(SSL *s)
 	unsigned long alg_k;
 	int ret= -1;
 	int new_state,state,skip=0;
+	int listen;
 
 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@@ -159,11 +160,15 @@ int dtls1_accept(SSL *s)
 		cb=s->info_callback;
 	else if (s->ctx->info_callback != NULL)
 		cb=s->ctx->info_callback;
+	
+	listen = s->d1->listen;
 
 	/* init things to blank */
 	s->in_handshake++;
 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
+	s->d1->listen = listen;
+
 	if (s->cert == NULL)
 		{
 		SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
@@ -273,11 +278,23 @@ int dtls1_accept(SSL *s)
 
 			s->init_num=0;
 
+			/* Reflect ClientHello sequence to remain stateless while listening */
+			if (listen)
+				{
+				memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
+				}
+
 			/* If we're just listening, stop here */
-			if (s->d1->listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
+			if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
 				{
 				ret = 2;
 				s->d1->listen = 0;
+				/* Set expected sequence numbers
+				 * to continue the handshake.
+				 */
+				s->d1->handshake_read_seq = 2;
+				s->d1->handshake_write_seq = 1;
+				s->d1->next_handshake_write_seq = 1;
 				goto end;
 				}
 			
@@ -286,7 +303,6 @@ int dtls1_accept(SSL *s)
 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
 		case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
 
-			dtls1_start_timer(s);
 			ret = dtls1_send_hello_verify_request(s);
 			if ( ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
@@ -736,9 +752,6 @@ int dtls1_send_hello_verify_request(SSL *s)
 		/* number of bytes to write */
 		s->init_num=p-buf;
 		s->init_off=0;
-
-		/* buffer the message to handle re-xmits */
-		dtls1_buffer_message(s, 0);
 		}
 
 	/* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
@@ -1017,12 +1030,11 @@ int dtls1_send_server_key_exchange(SSL *s)
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
diff --git a/openssl/ssl/install-ssl.com b/openssl/ssl/install-ssl.com
new file mode 100644
index 000000000..1bd6ccaa7
--- /dev/null
+++ b/openssl/ssl/install-ssl.com
@@ -0,0 +1,136 @@
+$! INSTALL-SSL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1  root of the directory tree
+$! P2  "64" for 64-bit pointers.
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
+$ on error then goto tidy
+$ on control_c then goto tidy
+$!
+$ if p1 .eqs. ""
+$ then
+$   write sys$output "First argument missing."
+$   write sys$output -
+     "It should be the directory where you want things installed."
+$   exit
+$ endif
+$!
+$ if (f$getsyi( "cpu") .lt. 128)
+$ then
+$     arch = "VAX"
+$ else
+$     arch = f$edit( f$getsyi( "arch_name"), "upcase")
+$     if (arch .eqs. "") then arch = "UNK"
+$ endif
+$!
+$ archd = arch
+$ lib32 = "32"
+$ shr = "_SHR32"
+$!
+$ if (p2 .nes. "")
+$ then
+$   if (p2 .eqs. "64")
+$   then
+$     archd = arch+ "_64"
+$     lib32 = ""
+$     shr = "_SHR"
+$   else
+$     if (p2 .nes. "32")
+$     then
+$       write sys$output "Second argument invalid."
+$       write sys$output "It should be "32", "64", or nothing."
+$       exit
+$     endif
+$   endif
+$ endif
+$!
+$ root = f$parse( p1, "[]A.;0", , , "syntax_only, no_conceal") - "A.;0"
+$ root_dev = f$parse(root,,,"device","syntax_only")
+$ root_dir = f$parse(root,,,"directory","syntax_only") - -
+   "[000000." - "][" - "[" - "]"
+$ root = root_dev + "[" + root_dir
+$!
+$ define /nolog wrk_sslroot 'root'.] /trans=conc
+$ define /nolog wrk_sslinclude wrk_sslroot:[include]
+$ define /nolog wrk_sslxexe wrk_sslroot:['archd'_exe]
+$ define /nolog wrk_sslxlib wrk_sslroot:['arch'_lib]
+$!
+$ if f$parse("wrk_sslroot:[000000]") .eqs. "" then -
+   create /directory /log wrk_sslroot:[000000]
+$ if f$parse("wrk_sslinclude:") .eqs. "" then -
+   create /directory /log wrk_sslinclude:
+$ if f$parse("wrk_sslxexe:") .eqs. "" then -
+   create /directory /log wrk_sslxexe:
+$ if f$parse("wrk_sslxlib:") .eqs. "" then -
+   create /directory /log wrk_sslxlib:
+$!
+$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ e_exe := ssl_task
+$ libs := ssl_libssl
+$!
+$ xexe_dir := [-.'archd'.exe.ssl]
+$!
+$ copy /protection = w:re 'exheader' wrk_sslinclude: /log
+$!
+$ i = 0
+$ loop_exe:
+$   e = f$edit( f$element( i, ",", e_exe), "trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_exe_end
+$   set noon
+$   file = xexe_dir+ e+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxexe: /log
+$   endif
+$   set on
+$ goto loop_exe
+$ loop_exe_end:
+$!
+$ i = 0
+$ loop_lib: 
+$   e = f$edit(f$element(i, ",", libs),"trim")
+$   i = i + 1
+$   if e .eqs. "," then goto loop_lib_end
+$   set noon
+$! Object library.
+$   file = xexe_dir+ e+ lib32+ ".olb"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$! Shareable image.
+$   file = xexe_dir+ e+ shr+ ".exe"
+$   if f$search( file) .nes. ""
+$   then
+$     copy /protection = w:re 'file' wrk_sslxlib: /log
+$   endif
+$   set on
+$ goto loop_lib
+$ loop_lib_end:
+$!
+$ tidy:
+$!
+$ call deass wrk_sslroot
+$ call deass wrk_sslinclude
+$ call deass wrk_sslxexe
+$ call deass wrk_sslxlib
+$!
+$ exit
+$!
+$ deass: subroutine
+$ if (f$trnlnm( p1, "LNM$PROCESS") .nes. "")
+$ then
+$   deassign /process 'p1'
+$ endif
+$ endsubroutine
+$!
diff --git a/openssl/ssl/install.com b/openssl/ssl/install.com
deleted file mode 100644
index fe1d7268e..000000000
--- a/openssl/ssl/install.com
+++ /dev/null
@@ -1,90 +0,0 @@
-$! INSTALL.COM -- Installs the files in a given directory tree
-$!
-$! Author: Richard Levitte <richard@levitte.org>
-$! Time of creation: 22-MAY-1998 10:13
-$!
-$! P1	root of the directory tree
-$!
-$	IF P1 .EQS. ""
-$	THEN
-$	    WRITE SYS$OUTPUT "First argument missing."
-$	    WRITE SYS$OUTPUT -
-		  "It should be the directory where you want things installed."
-$	    EXIT
-$	ENDIF
-$
-$	IF (F$GETSYI("CPU").LT.128)
-$	THEN
-$	    ARCH := VAX
-$	ELSE
-$	    ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$	    IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$	ENDIF
-$
-$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
-$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
-$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
-		   - "[000000." - "][" - "[" - "]"
-$	ROOT = ROOT_DEV + "[" + ROOT_DIR
-$
-$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
-$	DEFINE/NOLOG WRK_SSLXLIB WRK_SSLROOT:['ARCH'_LIB]
-$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
-$	DEFINE/NOLOG WRK_SSLXEXE WRK_SSLROOT:['ARCH'_EXE]
-$
-$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
-$	IF F$PARSE("WRK_SSLXLIB:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXLIB:
-$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLINCLUDE:
-$	IF F$PARSE("WRK_SSLXEXE:") .EQS. "" THEN -
-	   CREATE/DIR/LOG WRK_SSLXEXE:
-$
-$	EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,dtls1.h,kssl.h
-$	E_EXE := ssl_task
-$	LIBS := LIBSSL,LIBSSL32
-$
-$	XEXE_DIR := [-.'ARCH'.EXE.SSL]
-$
-$	COPY 'EXHEADER' WRK_SSLINCLUDE:/LOG
-$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
-$
-$	I = 0
-$ LOOP_EXE: 
-$	E = F$EDIT(F$ELEMENT(I, ",", E_EXE),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
-$	SET NOON
-$	IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'XEXE_DIR''E'.EXE WRK_SSLXEXE:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLXEXE:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_EXE
-$ LOOP_EXE_END:
-$
-$	I = 0
-$ LOOP_LIB: 
-$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
-$	I = I + 1
-$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
-$	SET NOON
-$! Object library.
-$	IF F$SEARCH(XEXE_DIR+E+".OLB") .NES. ""
-$	THEN
-$	  COPY 'XEXE_DIR''E'.OLB WRK_SSLXLIB:'E'.OLB/log
-$	  SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.OLB
-$	ENDIF
-$! Shareable image.
-$	IF F$SEARCH(XEXE_DIR+E+".EXE") .NES. ""
-$	THEN
-$	  COPY 'XEXE_DIR''E'.EXE WRK_SSLXLIB:'E'.EXE/log
-$	  SET FILE/PROT=W:RE WRK_SSLXLIB:'E'.EXE
-$	ENDIF
-$	SET ON
-$	GOTO LOOP_LIB
-$ LOOP_LIB_END:
-$
-$	EXIT
diff --git a/openssl/ssl/s3_clnt.c b/openssl/ssl/s3_clnt.c
index c22837d05..50bd415b5 100644
--- a/openssl/ssl/s3_clnt.c
+++ b/openssl/ssl/s3_clnt.c
@@ -2243,6 +2243,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			if (!DH_generate_key(dh_clnt))
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				DH_free(dh_clnt);
 				goto err;
 				}
 
@@ -2254,6 +2255,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			if (n <= 0)
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
+				DH_free(dh_clnt);
 				goto err;
 				}
 
diff --git a/openssl/ssl/s3_lib.c b/openssl/ssl/s3_lib.c
index d6b047c99..62c791cb7 100644
--- a/openssl/ssl/s3_lib.c
+++ b/openssl/ssl/s3_lib.c
@@ -2198,11 +2198,17 @@ void ssl3_clear(SSL *s)
 		}
 #ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
+		{
 		DH_free(s->s3->tmp.dh);
+		s->s3->tmp.dh = NULL;
+		}
 #endif
 #ifndef OPENSSL_NO_ECDH
 	if (s->s3->tmp.ecdh != NULL)
+		{
 		EC_KEY_free(s->s3->tmp.ecdh);
+		s->s3->tmp.ecdh = NULL;
+		}
 #endif
 
 	rp = s->s3->rbuf.buf;
diff --git a/openssl/ssl/s3_pkt.c b/openssl/ssl/s3_pkt.c
index e3f6050a2..f9b3629cf 100644
--- a/openssl/ssl/s3_pkt.c
+++ b/openssl/ssl/s3_pkt.c
@@ -246,7 +246,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 		if (i <= 0)
 			{
 			rb->left = left;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
 				if (len+left == 0)
 					ssl3_release_read_buffer(s);
 			return(i);
@@ -846,7 +847,8 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
 			{
 			wb->left=0;
 			wb->offset+=i;
-			if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+			if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
+			    SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
 				ssl3_release_write_buffer(s);
 			s->rwstate=SSL_NOTHING;
 			return(s->s3->wpend_ret);
diff --git a/openssl/ssl/s3_srvr.c b/openssl/ssl/s3_srvr.c
index 514f72c97..c3b5ff33f 100644
--- a/openssl/ssl/s3_srvr.c
+++ b/openssl/ssl/s3_srvr.c
@@ -768,15 +768,20 @@ int ssl3_check_client_hello(SSL *s)
 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
 		{
 		/* Throw away what we have done so far in the current handshake,
-		 * which will now be aborted. (A full SSL_clear would be too much.)
-		 * I hope that tmp.dh is the only thing that may need to be cleared
-		 * when a handshake is not completed ... */
+		 * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
 		if (s->s3->tmp.dh != NULL)
 			{
 			DH_free(s->s3->tmp.dh);
 			s->s3->tmp.dh = NULL;
 			}
+#endif
+#ifndef OPENSSL_NO_ECDH
+		if (s->s3->tmp.ecdh != NULL)
+			{
+			EC_KEY_free(s->s3->tmp.ecdh);
+			s->s3->tmp.ecdh = NULL;
+			}
 #endif
 		return 2;
 		}
@@ -1491,7 +1496,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 			if (s->s3->tmp.dh != NULL)
 				{
-				DH_free(dh);
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1552,7 +1556,6 @@ int ssl3_send_server_key_exchange(SSL *s)
 
 			if (s->s3->tmp.ecdh != NULL)
 				{
-				EC_KEY_free(s->s3->tmp.ecdh); 
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
 				goto err;
 				}
@@ -1563,12 +1566,11 @@ int ssl3_send_server_key_exchange(SSL *s)
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			if (!EC_KEY_up_ref(ecdhp))
+			if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
 				{
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
 				goto err;
 				}
-			ecdh = ecdhp;
 
 			s->s3->tmp.ecdh=ecdh;
 			if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
@@ -1731,6 +1733,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 			    (unsigned char *)encodedPoint, 
 			    encodedlen);
 			OPENSSL_free(encodedPoint);
+			encodedPoint = NULL;
 			p += encodedlen;
 			}
 #endif
@@ -2440,6 +2443,12 @@ int ssl3_get_client_key_exchange(SSL *s)
 			/* Get encoded point length */
 			i = *p; 
 			p += 1;
+			if (n != 1 + i)
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				    ERR_R_EC_LIB);
+				goto err;
+				}
 			if (EC_POINT_oct2point(group, 
 			    clnt_ecpoint, p, i, bn_ctx) == 0)
 				{
diff --git a/openssl/ssl/ssl-lib.com b/openssl/ssl/ssl-lib.com
index 35bdd34de..180f3a2d8 100644
--- a/openssl/ssl/ssl-lib.com
+++ b/openssl/ssl/ssl-lib.com
@@ -42,18 +42,33 @@ $!	SOCKETSHR	for SOCKETSHR+NETLIB
 $!
 $!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
-$!  For 64 bit architectures (Alpha and IA64), specify the pointer size as P6.
-$!  For 32 bit architectures (VAX), P6 is ignored.
-$!  Currently supported values are:
+$!  P6, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
 $!
-$!	32	To ge a library compiled with /POINTER_SIZE=32
-$!	64	To ge a library compiled with /POINTER_SIZE=64
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
 $!
+$!  P7, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
 $!
 $! Define A TCP/IP Library That We Will Need To Link To.
 $! (That Is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check What Architecture We Are Using.
 $!
@@ -77,17 +92,33 @@ $! End The Architecture Check.
 $!
 $ ENDIF
 $!
-$! Define The OBJ Directory.
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
 $!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
+$ GOSUB CHECK_OPTIONS
 $!
-$! Define The EXE Directory.
+$! Define The OBJ and EXE Directories.
 $!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.SSL]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.SSL]
 $!
-$! Check To Make Sure We Have Valid Command Line Parameters.
+$! Specify the destination directory in any /MAP option.
 $!
-$ GOSUB CHECK_OPTIONS
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
 $!
 $! Initialise logical names and such
 $!
@@ -95,7 +126,7 @@ $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
 $!
 $! Check To See If The Architecture Specific OBJ Directory Exists.
 $!
@@ -125,11 +156,15 @@ $ ENDIF
 $!
 $! Define The Library Name.
 $!
-$ SSL_LIB := 'EXE_DIR'LIBSSL'LIB32'.OLB
+$ SSL_LIB := 'EXE_DIR'SSL_LIBSSL'LIB32'.OLB
 $!
 $! Define The CRYPTO-LIB We Are To Use.
 $!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
+$!
+$! Set up exceptional compilations.
+$!
+$ CC5_SHOWN = 0
 $!
 $! Check To See What We Are To Do.
 $!
@@ -163,7 +198,7 @@ $! Compile The Library.
 $!
 $ LIBRARY:
 $!
-$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL''LIB32'.OLB" Library...
+$! Check To See If We Already Have A "[.xxx.EXE.SSL]SSL_LIBSSL''LIB32'.OLB" Library...
 $!
 $ IF (F$SEARCH(SSL_LIB).EQS."")
 $ THEN
@@ -189,6 +224,8 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
 	    "ssl_asn1,ssl_txt,ssl_algs,"+ -
 	    "bio_ssl,ssl_err,kssl,t1_reneg"
 $!
+$ COMPILEWITH_CC5 = ""
+$!
 $! Tell The User That We Are Compiling The Library.
 $!
 $ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library."
@@ -302,42 +339,47 @@ $! End The SSL_TASK.C File Check.
 $!
 $ ENDIF
 $!
+$ COMPILEWITH_CC5 = "" !!! ",ssl_task,"
+$!
+$! Tell The User We Are Creating The SSL_TASK.
+$!
 $! Tell The User We Are Creating The SSL_TASK.
 $!
 $ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."	
 $!
+$!  Tell The User What File We Are Compiling.
+$!
+$ FILE_NAME = "ssl_task"
+$ WRITE SYS$OUTPUT "	",FILE_NAME,".c"
+$!
 $! Compile The File.
 $!
 $ ON ERROR THEN GOTO SSL_TASK_END
-$ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C
 $!
-$! Link The Program.
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
-$!
-$ IF (TCPIP_LIB.NES."")
+$ FILE_NAME0 = ","+ F$ELEMENT(0,".",FILE_NAME)+ ","
+$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
 $ THEN
-$!
-$!  Link With TCP/IP Library.
-$!
-$   LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
-        'OBJ_DIR'SSL_TASK.OBJ, -
-	'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'TCPIP_LIB','OPT_FILE'/OPTION
-$!
-$! Else...
-$!
+$   if (.not. CC5_SHOWN)
+$   then
+$     CC5_SHOWN = 1
+$     write sys$output "        \Using special rule (5)"
+$     x = "    "+ CC5
+$     write /symbol sys$output x
+$   endif
+$   CC5 /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C
 $ ELSE
+$   CC /OBJECT='OBJ_DIR''FILE_NAME'.OBJ SYS$DISK:[]'FILE_NAME'.C
+$ ENDIF
 $!
-$!  Don't Link With TCP/IP Library.
-$!
-$   LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
-        'OBJ_DIR'SSL_TASK.OBJ,-
-	'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
-        'OPT_FILE'/OPTION
+$! Link The Program.
 $!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
+$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXE='EXE_DIR'SSL_TASK.EXE -
+   'OBJ_DIR'SSL_TASK.OBJ, -
+   'SSL_LIB'/LIBRARY, -
+   'CRYPTO_LIB'/LIBRARY -
+   'TCPIP_LIB' -
+   'ZLIB_LIB' -
+   ,'OPT_FILE' /OPTIONS
 $!
 $! Time To Return.
 $!
@@ -363,7 +405,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable VAX C Runtime Library.
 !
 SYS$SHARE:VAXCRTL.EXE/SHARE
@@ -392,7 +434,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB/LIBRARY
@@ -427,7 +469,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE/SHARE
@@ -442,7 +484,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
@@ -555,8 +597,8 @@ $     WRITE SYS$OUTPUT "    SSL_TASK :  To Compile Just The [.xxx.EXE.SSL]SSL_TA
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
 $     WRITE SYS$OUTPUT ""
-$     WRITE SYS$OUTPUT "    ALPHA    :  Alpha Architecture."
-$     WRITE SYS$OUTPUT "    IA64     :  IA64 Architecture."
+$     WRITE SYS$OUTPUT "    ALPHA[64]:  Alpha Architecture."
+$     WRITE SYS$OUTPUT "    IA64[64] :  IA64 Architecture."
 $     WRITE SYS$OUTPUT "    VAX      :  VAX Architecture."
 $     WRITE SYS$OUTPUT ""
 $!
@@ -577,14 +619,15 @@ $!
 $ IF (P2.EQS."NODEBUG")
 $ THEN
 $!
-$!   P2 Is NODEBUG, So Compile Without Debugger Information.
+$!  P2 Is NODEBUG, So Compile Without Debugger Information.
 $!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER  = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $!
 $! Else...
 $!
@@ -598,6 +641,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER  = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -605,7 +649,7 @@ $     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
 $     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
 $   ELSE
 $!
-$!    Tell The User Entered An Invalid Option..
+$!    Tell The User Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
@@ -660,58 +704,59 @@ $! End The P5 Check.
 $!
 $ ENDIF
 $!
-$! Check To See If P6 Is Blank.
+$! Check P6 (POINTER_SIZE).
 $!
-$ IF (P6.EQS."")
+$ IF (P6 .NES. "") .AND. (ARCH .NES. "VAX")
 $ THEN
-$   POINTER_SIZE = ""
-$ ELSE
 $!
-$!  Check is P6 Is Valid
-$!
-$   IF (P6.EQS."32")
+$   IF (P6 .EQS. "32")
 $   THEN
-$     POINTER_SIZE = "/POINTER_SIZE=32"
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$       LIB32 = ""
-$     ELSE
-$       LIB32 = "32"
-$     ENDIF
+$     POINTER_SIZE = " /POINTER_SIZE=32"
 $   ELSE
-$     IF (P6.EQS."64")
+$     POINTER_SIZE = F$EDIT( P6, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
 $     THEN
+$       ARCHD = ARCH+ "_64"
 $       LIB32 = ""
-$       IF ARCH .EQS. "VAX"
-$       THEN
-$         POINTER_SIZE = "/POINTER_SIZE=32"
-$       ELSE
-$         POINTER_SIZE = "/POINTER_SIZE=64"
-$       ENDIF
+$       POINTER_SIZE = " /POINTER_SIZE=64"
 $     ELSE
 $!
-$!      Tell The User Entered An Invalid Option..
+$!      Tell The User Entered An Invalid Option.
 $!
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ",P6," Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT "The Option ", P6, -
+         " Is Invalid.  The Valid Options Are:"
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "    32  :  Compile with 32 bit pointer size"
-$       WRITE SYS$OUTPUT "    64  :  Compile with 64 bit pointer size"
+$       WRITE SYS$OUTPUT -
+         "    """"       :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32       :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
 $       WRITE SYS$OUTPUT ""
-$!
+$! 
 $!      Time To EXIT.
 $!
-$       GOTO TIDY
-$!
-$!      End The Valid Arguement Check.
+$       EXIT
 $!
 $     ENDIF
+$!
 $   ENDIF
 $!
-$! End The P6 Check.
+$! End The P6 (POINTER_SIZE) Check.
 $!
 $ ENDIF
 $!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[-.CRYPTO],SYS$DISK:[-]"
+$!
 $! Check To See If P3 Is Blank.
 $!
 $ IF (P3.EQS."")
@@ -812,11 +857,64 @@ $ CCDEFS = "TCPIP_TYPE_''P4'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P7
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The ZLIB Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
 $ THEN
@@ -839,13 +937,13 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC/DECC"
-$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89''POINTER_SIZE'" + -
-           "/NOLIST/PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -874,7 +972,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
 $     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -883,7 +981,7 @@ $     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -906,11 +1004,11 @@ $!    Use GNU C...
 $!
 $     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
 $     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -929,16 +1027,16 @@ $     THEN
 $       CC4DISABLEWARNINGS = "DOLLARID"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
 $   ENDIF
-$   CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
-$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   CC2 = CC + " /DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$   CC3 = CC + " /DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $   IF COMPILER .EQS. "DECC"
 $   THEN
 $     CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
@@ -984,7 +1082,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -1010,13 +1108,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -1030,7 +1128,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -1051,7 +1149,7 @@ $   ENDIF
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
 $!  Else The User Entered An Invalid Argument.
 $!
diff --git a/openssl/ssl/ssl_lib.c b/openssl/ssl/ssl_lib.c
index 912592b8b..46732791f 100644
--- a/openssl/ssl/ssl_lib.c
+++ b/openssl/ssl/ssl_lib.c
@@ -1833,7 +1833,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #endif
 	X509 *x = NULL;
 	EVP_PKEY *ecc_pkey = NULL;
-	int signature_nid = 0;
+	int signature_nid = 0, pk_nid = 0, md_nid = 0;
 
 	if (c == NULL) return;
 
@@ -1963,18 +1963,15 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 		    EVP_PKEY_bits(ecc_pkey) : 0;
 		EVP_PKEY_free(ecc_pkey);
 		if ((x->sig_alg) && (x->sig_alg->algorithm))
+			{
 			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+			OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+			}
 #ifndef OPENSSL_NO_ECDH
 		if (ecdh_ok)
 			{
-			const char *sig = OBJ_nid2ln(signature_nid);
-			if (sig == NULL)
-				{
-				ERR_clear_error();
-				sig = "unknown";
-				}
-				
-			if (strstr(sig, "WithRSA"))
+
+			if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa)
 				{
 				mask_k|=SSL_kECDHr;
 				mask_a|=SSL_aECDH;
@@ -1985,7 +1982,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 					}
 				}
 
-			if (signature_nid == NID_ecdsa_with_SHA1)
+			if (pk_nid == NID_X9_62_id_ecPublicKey)
 				{
 				mask_k|=SSL_kECDHe;
 				mask_a|=SSL_aECDH;
@@ -2039,7 +2036,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 	unsigned long alg_k, alg_a;
 	EVP_PKEY *pkey = NULL;
 	int keysize = 0;
-	int signature_nid = 0;
+	int signature_nid = 0, md_nid = 0, pk_nid = 0;
 
 	alg_k = cs->algorithm_mkey;
 	alg_a = cs->algorithm_auth;
@@ -2057,7 +2054,10 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 	/* This call populates the ex_flags field correctly */
 	X509_check_purpose(x, -1, 0);
 	if ((x->sig_alg) && (x->sig_alg->algorithm))
+		{
 		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+		OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid);
+		}
 	if (alg_k & SSL_kECDHe || alg_k & SSL_kECDHr)
 		{
 		/* key usage, if present, must allow key agreement */
@@ -2069,7 +2069,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 		if (alg_k & SSL_kECDHe)
 			{
 			/* signature alg must be ECDSA */
-			if (signature_nid != NID_ecdsa_with_SHA1)
+			if (pk_nid != NID_X9_62_id_ecPublicKey)
 				{
 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
 				return 0;
@@ -2079,13 +2079,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 			{
 			/* signature alg must be RSA */
 
-			const char *sig = OBJ_nid2ln(signature_nid);
-			if (sig == NULL)
-				{
-				ERR_clear_error();
-				sig = "unknown";
-				}
-			if (strstr(sig, "WithRSA") == NULL)
+			if (pk_nid != NID_rsaEncryption && pk_nid != NID_rsa)
 				{
 				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
 				return 0;
diff --git a/openssl/test/bftest.c b/openssl/test/bftest.c
index e69de29bb..78b1749a4 100644
--- a/openssl/test/bftest.c
+++ b/openssl/test/bftest.c
@@ -0,0 +1 @@
+../crypto/bf/bftest.c
\ No newline at end of file
diff --git a/openssl/test/bntest.c b/openssl/test/bntest.c
index e69de29bb..03f54a238 100644
--- a/openssl/test/bntest.c
+++ b/openssl/test/bntest.c
@@ -0,0 +1 @@
+../crypto/bn/bntest.c
\ No newline at end of file
diff --git a/openssl/test/bntest.com b/openssl/test/bntest.com
index cb6d3abd7..6545d2e5a 100644
--- a/openssl/test/bntest.com
+++ b/openssl/test/bntest.com
@@ -4,6 +4,8 @@ $!
 $! Exit status = 1 (success) if all tests passed,
 $!               0 (warning) if any test failed.
 $!
+$! 2011-02-20 SMS.  Added code to skip "#" comments in the input file.
+$!
 $! 2010-04-05 SMS.  New.  Based (loosely) on perl code in bntest-vms.sh.
 $!
 $!                  Expect data like:
@@ -35,6 +37,11 @@ $!
 $ read_loop:
 $     read /end = read_loop_end /error = tidy result_file line
 $     t1 = f$element( 0, " ", line)
+$!
+$!    Skip "#" comment lines.
+$     if (f$extract( 0, 1, f$edit( line, "TRIM")) .eqs. "#") then -
+       goto read_loop
+$!
 $     if (t1 .eqs. "test")
 $     then
 $         passed = passed+ 1
diff --git a/openssl/test/casttest.c b/openssl/test/casttest.c
index e69de29bb..ac7ede8d7 100644
--- a/openssl/test/casttest.c
+++ b/openssl/test/casttest.c
@@ -0,0 +1 @@
+../crypto/cast/casttest.c
\ No newline at end of file
diff --git a/openssl/test/clean_test.com b/openssl/test/clean_test.com
new file mode 100644
index 000000000..7df633fbe
--- /dev/null
+++ b/openssl/test/clean_test.com
@@ -0,0 +1,35 @@
+$!
+$! Delete various test results files.
+$!
+$ def_orig = f$environment( "default")
+$ proc = f$environment( "procedure")
+$ proc_dev_dir = f$parse( "A.;", proc) - "A.;"
+$!
+$ on control_c then goto tidy
+$ on error then goto tidy
+$!
+$ set default 'proc_dev_dir'
+$!
+$ files := *.cms;*, *.srl;*, *.ss;*, -
+   cms.err;*, cms.out;*, newreq.pem;*, -
+   p.txt-zlib-cipher;*, -
+   smtst.txt;*, testkey.pem;*, testreq.pem;*, -
+   test_*.err;*, test_*.out;*, -
+   .rnd;*
+$!
+$ delim = ","
+$ i = 0
+$ loop:
+$    file = f$edit( f$element( i, delim, files), "trim")
+$    if (file .eqs. delim) then goto loop_end
+$    if (f$search( file) .nes. "") then -
+      delete 'p1' 'file'
+$    i = i+ 1
+$ goto loop
+$ loop_end:
+$!
+$ tidy:
+$ 
+$ if (f$type( def_orig) .nes. "") then -
+   set default 'def_orig'
+$!
diff --git a/openssl/test/cms-test.pl b/openssl/test/cms-test.pl
index 31b84707a..c938bcf00 100644
--- a/openssl/test/cms-test.pl
+++ b/openssl/test/cms-test.pl
@@ -56,8 +56,8 @@
 my $ossl_path;
 my $redir = " 2> cms.err > cms.out";
 # Make VMS work
-if ( $^O eq "VMS" && -f "$ENV{EXE_DIR}openssl.exe" ) {
-    $ossl_path = "pipe mcr $ENV{EXE_DIR}openssl.exe";
+if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
+    $ossl_path = "pipe mcr OSSLX:openssl";
 }
 # Make MSYS work
 elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
diff --git a/openssl/test/destest.c b/openssl/test/destest.c
index e69de29bb..5988c7303 100644
--- a/openssl/test/destest.c
+++ b/openssl/test/destest.c
@@ -0,0 +1 @@
+../crypto/des/destest.c
\ No newline at end of file
diff --git a/openssl/test/dhtest.c b/openssl/test/dhtest.c
index e69de29bb..9a67f9162 100644
--- a/openssl/test/dhtest.c
+++ b/openssl/test/dhtest.c
@@ -0,0 +1 @@
+../crypto/dh/dhtest.c
\ No newline at end of file
diff --git a/openssl/test/dsatest.c b/openssl/test/dsatest.c
index e69de29bb..16a1b5a34 100644
--- a/openssl/test/dsatest.c
+++ b/openssl/test/dsatest.c
@@ -0,0 +1 @@
+../crypto/dsa/dsatest.c
\ No newline at end of file
diff --git a/openssl/test/ecdhtest.c b/openssl/test/ecdhtest.c
index e69de29bb..206d98686 100644
--- a/openssl/test/ecdhtest.c
+++ b/openssl/test/ecdhtest.c
@@ -0,0 +1 @@
+../crypto/ecdh/ecdhtest.c
\ No newline at end of file
diff --git a/openssl/test/ecdsatest.c b/openssl/test/ecdsatest.c
index e69de29bb..441082ba2 100644
--- a/openssl/test/ecdsatest.c
+++ b/openssl/test/ecdsatest.c
@@ -0,0 +1 @@
+../crypto/ecdsa/ecdsatest.c
\ No newline at end of file
diff --git a/openssl/test/ectest.c b/openssl/test/ectest.c
index e69de29bb..df1831f81 100644
--- a/openssl/test/ectest.c
+++ b/openssl/test/ectest.c
@@ -0,0 +1 @@
+../crypto/ec/ectest.c
\ No newline at end of file
diff --git a/openssl/test/enginetest.c b/openssl/test/enginetest.c
index e69de29bb..5c74a6f41 100644
--- a/openssl/test/enginetest.c
+++ b/openssl/test/enginetest.c
@@ -0,0 +1 @@
+../crypto/engine/enginetest.c
\ No newline at end of file
diff --git a/openssl/test/evp_test.c b/openssl/test/evp_test.c
index e69de29bb..074162812 100644
--- a/openssl/test/evp_test.c
+++ b/openssl/test/evp_test.c
@@ -0,0 +1 @@
+../crypto/evp/evp_test.c
\ No newline at end of file
diff --git a/openssl/test/exptest.c b/openssl/test/exptest.c
index e69de29bb..50ccf71cb 100644
--- a/openssl/test/exptest.c
+++ b/openssl/test/exptest.c
@@ -0,0 +1 @@
+../crypto/bn/exptest.c
\ No newline at end of file
diff --git a/openssl/test/hmactest.c b/openssl/test/hmactest.c
index e69de29bb..353ee2c7f 100644
--- a/openssl/test/hmactest.c
+++ b/openssl/test/hmactest.c
@@ -0,0 +1 @@
+../crypto/hmac/hmactest.c
\ No newline at end of file
diff --git a/openssl/test/ideatest.c b/openssl/test/ideatest.c
index e69de29bb..a9bfb3d48 100644
--- a/openssl/test/ideatest.c
+++ b/openssl/test/ideatest.c
@@ -0,0 +1 @@
+../crypto/idea/ideatest.c
\ No newline at end of file
diff --git a/openssl/test/jpaketest.c b/openssl/test/jpaketest.c
index e69de29bb..49f44f8b6 100644
--- a/openssl/test/jpaketest.c
+++ b/openssl/test/jpaketest.c
@@ -0,0 +1 @@
+dummytest.c
\ No newline at end of file
diff --git a/openssl/test/maketests.com b/openssl/test/maketests.com
index 5dd797e35..386e5cf3c 100644
--- a/openssl/test/maketests.com
+++ b/openssl/test/maketests.com
@@ -25,7 +25,7 @@ $!	   VAXC	 For VAX C.
 $!	   DECC	 For DEC C.
 $!	   GNUC	 For GNU C.
 $!
-$!  If you don't speficy a compiler, it will try to determine which
+$!  If you don't specify a compiler, it will try to determine which
 $!  "C" compiler to use.
 $!
 $!  P3, if defined, sets a TCP/IP library to use, through one of the following
@@ -36,54 +36,88 @@ $!	SOCKETSHR	for SOCKETSHR+NETLIB
 $!
 $!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
 $!
-$!  For 64 bit architectures (Alpha and IA64), specify the pointer size as P5.
-$!  For 32 bit architectures (VAX), P5 is ignored.
-$!  Currently supported values are:
 $!
-$!	32	To ge a library compiled with /POINTER_SIZE=32
-$!	64	To ge a library compiled with /POINTER_SIZE=64
+$!  P5, if defined, specifies the C pointer size.  Ignored on VAX.
+$!      ("64=ARGV" gives more efficient code with HP C V7.3 or newer.)
+$!      Supported values are:
 $!
+$!      ""       Compile with default (/NOPOINTER_SIZE)
+$!      32       Compile with /POINTER_SIZE=32 (SHORT)
+$!      64       Compile with /POINTER_SIZE=64[=ARGV] (LONG[=ARGV])
+$!               (Automatically select ARGV if compiler supports it.)
+$!      64=      Compile with /POINTER_SIZE=64 (LONG).
+$!      64=ARGV  Compile with /POINTER_SIZE=64=ARGV (LONG=ARGV).
+$!
+$!  P6, if defined, specifies a directory where ZLIB files (zlib.h,
+$!  libz.olb) may be found.  Optionally, a non-default object library
+$!  name may be included ("dev:[dir]libz_64.olb", for example).
+$!
+$!
+$! Announce/identify.
+$!
+$ proc = f$environment( "procedure")
+$ write sys$output "@@@ "+ -
+   f$parse( proc, , , "name")+ f$parse( proc, , , "type")
 $!
 $! Define A TCP/IP Library That We Will Need To Link To.
-$! (That is, If Wee Need To Link To One.)
+$! (That is, If We Need To Link To One.)
 $!
 $ TCPIP_LIB = ""
+$ ZLIB_LIB = ""
 $!
 $! Check Which Architecture We Are Using.
 $!
-$ if (f$getsyi( "HW_MODEL") .lt. 1024)
+$ if (f$getsyi( "cpu") .lt. 128)
 $ then
-$    arch = "VAX"
+$    ARCH = "VAX"
 $ else
-$    arch = ""
-$    arch = arch+ f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$    if (arch .eqs. "") then arch = "UNK"
+$    ARCH = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
+$    if (ARCH .eqs. "") then ARCH = "UNK"
 $ endif
 $!
-$! Define The OBJ and EXE Directories (EXE before CHECK_OPTIONS).
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
+$ ARCHD = ARCH
+$ LIB32 = "32"
+$ OPT_FILE = ""
+$ POINTER_SIZE = ""
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
 $ GOSUB CHECK_OPTIONS
 $!
+$! Define The OBJ and EXE Directories.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCHD'.OBJ.TEST]
+$ EXE_DIR := SYS$DISK:[-.'ARCHD'.EXE.TEST]
+$!
+$! Specify the destination directory in any /MAP option.
+$!
+$ if (LINKMAP .eqs. "MAP")
+$ then
+$   LINKMAP = LINKMAP+ "=''EXE_DIR'"
+$ endif
+$!
+$! Add the location prefix to the linker options file name.
+$!
+$ if (OPT_FILE .nes. "")
+$ then
+$   OPT_FILE = EXE_DIR+ OPT_FILE
+$ endif
+$!
 $! Initialise logical names and such
 $!
 $ GOSUB INITIALISE
 $!
 $! Tell The User What Kind of Machine We Run On.
 $!
-$ WRITE SYS$OUTPUT "Compiling On ''ARCH'."
+$ WRITE SYS$OUTPUT "Host system architecture: ''ARCHD'"
 $!
 $! Define The CRYPTO-LIB We Are To Use.
 $!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO'LIB32'.OLB
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCHD'.EXE.CRYPTO]SSL_LIBCRYPTO'LIB32'.OLB
 $!
 $! Define The SSL We Are To Use.
 $!
-$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL'LIB32'.OLB
+$ SSL_LIB := SYS$DISK:[-.'ARCHD'.EXE.SSL]SSL_LIBSSL'LIB32'.OLB
 $!
 $! Create the OBJ and EXE Directories, if needed.
 $!
@@ -231,33 +265,15 @@ $!
 $! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
 $! Check To See If We Are To Link With A Specific TCP/IP Library.
 $!
-$ IF (TCPIP_LIB.NES."")
-$ THEN
-$!
 $!  Don't Link With The RSAREF Routines And TCP/IP Library.
 $!
-$   LINK /'DEBUGGER' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -
-	'OBJECT_FILE', -
-	'SSL_LIB' /LIBRARY, -
-	'CRYPTO_LIB' /LIBRARY, -
-	'TCPIP_LIB', -
-	'OPT_FILE' /OPTIONS
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$!  Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
-$!
-$   LINK /'DEBUGGER' /'TRACEBACK' /EXECUTABLE = 'EXE_FILE' -
-	'OBJECT_FILE', -
-	'SSL_LIB' /LIBRARY, -
-	'CRYPTO_LIB' /LIBRARY, -
-	'OPT_FILE' /OPTIONS
-$!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
+$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' /EXECTABLE = 'EXE_FILE' -
+   'OBJECT_FILE', -
+   'SSL_LIB' /LIBRARY, -
+   'CRYPTO_LIB' /LIBRARY -
+   'TCPIP_LIB' -
+   'ZLIB_LIB' -
+   ,'OPT_FILE' /OPTIONS
 $!
 $! Go Back And Do It Again.
 $!
@@ -321,7 +337,7 @@ $!
 $     CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable C Runtime Library.
 !
 GNU_CC:[000000]GCCLIB.OLB /LIBRARY
@@ -356,7 +372,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File To Link Agianst 
+! Default System Options File To Link Against 
 ! The Sharable DEC C Runtime Library.
 !
 SYS$SHARE:DECC$SHR.EXE /SHAREABLE
@@ -371,7 +387,7 @@ $!
 $       CREATE 'OPT_FILE'
 $DECK
 !
-! Default System Options File For non-VAX To Link Agianst 
+! Default System Options File For non-VAX To Link Against 
 ! The Sharable C Runtime Library.
 !
 SYS$SHARE:CMA$OPEN_LIB_SHR.EXE /SHAREABLE
@@ -450,19 +466,24 @@ $! Check The User's Options.
 $!
 $ CHECK_OPTIONS:
 $!
+$! Set basic C compiler /INCLUDE directories.
+$!
+$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]"
+$!
 $! Check To See If P1 Is Blank.
 $!
 $ IF (P1.EQS."NODEBUG")
 $ THEN
 $!
-$!   P1 Is NODEBUG, So Compile Without Debugger Information.
+$!  P1 Is NODEBUG, So Compile Without Debugger Information.
 $!
-$    DEBUGGER  = "NODEBUG"
-$    TRACEBACK = "NOTRACEBACK" 
-$    GCC_OPTIMIZE = "OPTIMIZE"
-$    CC_OPTIMIZE = "OPTIMIZE"
-$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$   DEBUGGER  = "NODEBUG"
+$   LINKMAP = "NOMAP"
+$   TRACEBACK = "NOTRACEBACK" 
+$   GCC_OPTIMIZE = "OPTIMIZE"
+$   CC_OPTIMIZE = "OPTIMIZE"
+$   WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$   WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
 $!
 $! Else...
 $!
@@ -476,6 +497,7 @@ $!
 $!    Compile With Debugger Information.
 $!
 $     DEBUGGER  = "DEBUG"
+$     LINKMAP = "MAP"
 $     TRACEBACK = "TRACEBACK"
 $     GCC_OPTIMIZE = "NOOPTIMIZE"
 $     CC_OPTIMIZE = "NOOPTIMIZE"
@@ -486,7 +508,7 @@ $!  Else...
 $!
 $   ELSE
 $!
-$!    Tell The User Entered An Invalid Option..
+$!    Tell The User Entered An Invalid Option.
 $!
 $     WRITE SYS$OUTPUT ""
 $     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
@@ -499,7 +521,7 @@ $!    Time To EXIT.
 $!
 $     EXIT
 $!
-$!  End The Valid Arguement Check.
+$!  End The Valid Argument Check.
 $!
 $   ENDIF
 $!
@@ -507,55 +529,79 @@ $! End The P1 Check.
 $!
 $ ENDIF
 $!
-$! Check To See If P5 Is Blank.
+$! Check P5 (POINTER_SIZE).
 $!
-$ IF (P5.EQS."")
+$ IF (P5 .NES. "") .AND. (ARCH .NES. "VAX")
 $ THEN
-$   POINTER_SIZE = ""
-$ ELSE
-$!
-$!  Check is P5 Is Valid
 $!
-$   IF (P5.EQS."32")
+$   IF (P5 .EQS. "32")
 $   THEN
-$     POINTER_SIZE = "/POINTER_SIZE=32"
-$     IF ARCH .EQS. "VAX"
-$     THEN
-$       LIB32 = ""
-$     ELSE
-$       LIB32 = "32"
-$     ENDIF
+$     POINTER_SIZE = " /POINTER_SIZE=32"
 $   ELSE
-$     IF (P5.EQS."64")
+$     POINTER_SIZE = F$EDIT( P5, "COLLAPSE, UPCASE")
+$     IF ((POINTER_SIZE .EQS. "64") .OR. -
+       (POINTER_SIZE .EQS. "64=") .OR. -
+       (POINTER_SIZE .EQS. "64=ARGV"))
 $     THEN
+$       ARCHD = ARCH+ "_64"
 $       LIB32 = ""
-$       IF ARCH .EQS. "VAX"
+$       IF (F$EXTRACT( 2, 1, POINTER_SIZE) .EQS. "=")
 $       THEN
-$         POINTER_SIZE = "/POINTER_SIZE=32"
+$!        Explicit user choice: "64" or "64=ARGV".
+$         IF (POINTER_SIZE .EQS. "64=") THEN POINTER_SIZE = "64"
 $       ELSE
-$         POINTER_SIZE = "/POINTER_SIZE=64"
+$         SET NOON
+$         DEFINE /USER_MODE SYS$OUTPUT NL:
+$         DEFINE /USER_MODE SYS$ERROR NL:
+$         CC /NOLIST /NOOBJECT /POINTER_SIZE=64=ARGV NL:
+$         IF ($STATUS .AND. %X0FFF0000) .EQ. %X00030000
+$         THEN
+$           ! If we got here, it means DCL complained like this:
+$           ! %DCL-W-NOVALU, value not allowed - remove value specification
+$           !  \64=\
+$           !
+$           ! If the compiler was run, logicals defined in /USER would
+$           ! have been deassigned automatically.  However, when DCL
+$           ! complains, they aren't, so we do it here (it might be
+$           ! unnecessary, but just in case there will be another error
+$           ! message further on that we don't want to miss)
+$           DEASSIGN /USER_MODE SYS$ERROR
+$           DEASSIGN /USER_MODE SYS$OUTPUT
+$         ELSE
+$           POINTER_SIZE = POINTER_SIZE + "=ARGV"
+$         ENDIF
+$         SET ON
 $       ENDIF
+$       POINTER_SIZE = " /POINTER_SIZE=''POINTER_SIZE'"
 $     ELSE
 $!
-$!      Tell The User Entered An Invalid Option..
+$!      Tell The User Entered An Invalid Option.
 $!
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "The Option ",P5," Is Invalid.  The Valid Options Are:"
+$       WRITE SYS$OUTPUT "The Option ", P5, -
+         " Is Invalid.  The Valid Options Are:"
 $       WRITE SYS$OUTPUT ""
-$       WRITE SYS$OUTPUT "    32  :  Compile with 32 bit pointer size"
-$       WRITE SYS$OUTPUT "    64  :  Compile with 64 bit pointer size"
+$       WRITE SYS$OUTPUT -
+         "    """"  :  Compile with default (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    32  :  Compile with 32-bit (short) pointers."
+$       WRITE SYS$OUTPUT -
+         "    64       :  Compile with 64-bit (long) pointers (auto ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=      :  Compile with 64-bit (long) pointers (no ARGV)."
+$       WRITE SYS$OUTPUT -
+         "    64=ARGV  :  Compile with 64-bit (long) pointers (ARGV)."
 $       WRITE SYS$OUTPUT ""
-$!
+$! 
 $!      Time To EXIT.
 $!
-$       GOTO TIDY
-$!
-$!      End The Valid Arguement Check.
+$       EXIT
 $!
 $     ENDIF
+$!
 $   ENDIF
 $!
-$! End The P5 Check.
+$! End The P5 (POINTER_SIZE) Check.
 $!
 $ ENDIF
 $!
@@ -659,11 +705,64 @@ $ CCDEFS = "TCPIP_TYPE_''P3'"
 $ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
 $ CCEXTRAFLAGS = ""
 $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ CCDISABLEWARNINGS = "" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
 	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
 $!
-$!  Check To See If The User Entered A Valid Paramter.
+$! Check To See If We Have A ZLIB Option.
+$!
+$ ZLIB = P6
+$ IF (ZLIB .NES. "")
+$ THEN
+$!
+$!  Check for expected ZLIB files.
+$!
+$   err = 0
+$   file1 = f$parse( "zlib.h", ZLIB, , , "SYNTAX_ONLY")
+$   if (f$search( file1) .eqs. "")
+$   then
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     WRITE SYS$OUTPUT "    Can't find header: ''file1'"
+$     err = 1
+$   endif
+$   file1 = f$parse( "A.;", ZLIB)- "A.;"
+$!
+$   file2 = f$parse( ZLIB, "libz.olb", , , "SYNTAX_ONLY")
+$   if (f$search( file2) .eqs. "")
+$   then
+$     if (err .eq. 0)
+$     then
+$       WRITE SYS$OUTPUT ""
+$       WRITE SYS$OUTPUT "The Option ", ZLIB, " Is Invalid."
+$     endif
+$     WRITE SYS$OUTPUT "    Can't find library: ''file2'"
+$     WRITE SYS$OUTPUT ""
+$     err = err+ 2
+$   endif
+$   if (err .eq. 1)
+$   then
+$     WRITE SYS$OUTPUT ""
+$   endif
+$!
+$   if (err .ne. 0)
+$   then
+$     GOTO EXIT
+$   endif
+$!
+$   CCDEFS = """ZLIB=1"", "+ CCDEFS
+$   CC_INCLUDES = CC_INCLUDES+ ", "+ file1
+$   ZLIB_LIB = ", ''file2' /library"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "ZLIB library spec: ", file2
+$!
+$! End The P8 Check.
+$!
+$ ENDIF
+$!
+$!  Check To See If The User Entered A Valid Parameter.
 $!
 $ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
 $ THEN
@@ -686,13 +785,13 @@ $!
 $     CC = "CC"
 $     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
 	 THEN CC = "CC /DECC"
-$     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=ANSI89 ''POINTER_SIZE'" + -
-           "/NOLIST /PREFIX=ALL" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+$     CC = CC + " /''CC_OPTIMIZE' /''DEBUGGER' /STANDARD=RELAXED"+ -
+       "''POINTER_SIZE' /NOLIST /PREFIX=ALL" + -
+       " /INCLUDE=(''CC_INCLUDES') " + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_DECC_OPTIONS.OPT"
 $!
 $!  End DECC Check.
 $!
@@ -721,7 +820,7 @@ $	EXIT
 $     ENDIF
 $     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC /VAXC"
 $     CC = CC + "/''CC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $     CCDEFS = CCDEFS + ",""VAXC"""
 $!
 $!    Define <sys> As SYS$COMMON:[SYSLIB]
@@ -730,7 +829,7 @@ $     DEFINE /NOLOG SYS SYS$COMMON:[SYSLIB]
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_VAXC_OPTIONS.OPT"
 $!
 $!  End VAXC Check
 $!
@@ -752,11 +851,11 @@ $!
 $!    Use GNU C...
 $!
 $     CC = "GCC /NOCASE_HACK /''GCC_OPTIMIZE' /''DEBUGGER' /NOLIST" + -
-	   "/INCLUDE=(SYS$DISK:[-],SYS$DISK:[-.CRYPTO])" + CCEXTRAFLAGS
+	   "/INCLUDE=(''CC_INCLUDES')" + CCEXTRAFLAGS
 $!
 $!    Define The Linker Options File Name.
 $!
-$     OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$     OPT_FILE = "VAX_GNUC_OPTIONS.OPT"
 $!
 $!  End The GNU C Check.
 $!
@@ -775,20 +874,20 @@ $     THEN
 $       CC4DISABLEWARNINGS = "DOLLARID"
 $     ELSE
 $       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$       CCDISABLEWARNINGS = " /WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
 $     ENDIF
-$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC4DISABLEWARNINGS = " /WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
 $   ELSE
 $     CCDISABLEWARNINGS = ""
 $     CC4DISABLEWARNINGS = ""
 $   ENDIF
-$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   CC = CC + " /DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
 $!
 $!  Show user the result
 $!
 $   WRITE /SYMBOL SYS$OUTPUT "Main Compiling Command: ", CC
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
@@ -820,7 +919,7 @@ $   THEN
 $!
 $!    Set the library to use SOCKETSHR
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT /OPTIONS"
 $!
 $!    Done with SOCKETSHR
 $!
@@ -846,13 +945,13 @@ $   THEN
 $!
 $!    Set the library to use UCX.
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT /OPTIONS"
 $     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
 $     THEN
-$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
+$       TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT /OPTIONS"
 $     ELSE
 $       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
-	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
+	  TCPIP_LIB = ",SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT /OPTIONS"
 $     ENDIF
 $!
 $!    Done with UCX
@@ -866,7 +965,7 @@ $   THEN
 $!
 $!    Set the library to use TCPIP (post UCX).
 $!
-$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
+$     TCPIP_LIB = ",SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT /OPTIONS"
 $!
 $!    Done with TCPIP
 $!
@@ -887,9 +986,9 @@ $   ENDIF
 $!
 $!  Print info
 $!
-$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB- ","
 $!
-$!  Else The User Entered An Invalid Arguement.
+$!  Else The User Entered An Invalid Argument.
 $!
 $ ELSE
 $!
diff --git a/openssl/test/md2test.c b/openssl/test/md2test.c
index e69de29bb..49f44f8b6 100644
--- a/openssl/test/md2test.c
+++ b/openssl/test/md2test.c
@@ -0,0 +1 @@
+dummytest.c
\ No newline at end of file
diff --git a/openssl/test/md4test.c b/openssl/test/md4test.c
index e69de29bb..1509be911 100644
--- a/openssl/test/md4test.c
+++ b/openssl/test/md4test.c
@@ -0,0 +1 @@
+../crypto/md4/md4test.c
\ No newline at end of file
diff --git a/openssl/test/md5test.c b/openssl/test/md5test.c
index e69de29bb..20f4aaf0a 100644
--- a/openssl/test/md5test.c
+++ b/openssl/test/md5test.c
@@ -0,0 +1 @@
+../crypto/md5/md5test.c
\ No newline at end of file
diff --git a/openssl/test/mdc2test.c b/openssl/test/mdc2test.c
index e69de29bb..c4ffe4835 100644
--- a/openssl/test/mdc2test.c
+++ b/openssl/test/mdc2test.c
@@ -0,0 +1 @@
+../crypto/mdc2/mdc2test.c
\ No newline at end of file
diff --git a/openssl/test/randtest.c b/openssl/test/randtest.c
index e69de29bb..a2b107a2b 100644
--- a/openssl/test/randtest.c
+++ b/openssl/test/randtest.c
@@ -0,0 +1 @@
+../crypto/rand/randtest.c
\ No newline at end of file
diff --git a/openssl/test/rc2test.c b/openssl/test/rc2test.c
index e69de29bb..5c53ad984 100644
--- a/openssl/test/rc2test.c
+++ b/openssl/test/rc2test.c
@@ -0,0 +1 @@
+../crypto/rc2/rc2test.c
\ No newline at end of file
diff --git a/openssl/test/rc4test.c b/openssl/test/rc4test.c
index e69de29bb..061ac3773 100644
--- a/openssl/test/rc4test.c
+++ b/openssl/test/rc4test.c
@@ -0,0 +1 @@
+../crypto/rc4/rc4test.c
\ No newline at end of file
diff --git a/openssl/test/rc5test.c b/openssl/test/rc5test.c
index e69de29bb..49f44f8b6 100644
--- a/openssl/test/rc5test.c
+++ b/openssl/test/rc5test.c
@@ -0,0 +1 @@
+dummytest.c
\ No newline at end of file
diff --git a/openssl/test/rmdtest.c b/openssl/test/rmdtest.c
index e69de29bb..ce6646065 100644
--- a/openssl/test/rmdtest.c
+++ b/openssl/test/rmdtest.c
@@ -0,0 +1 @@
+../crypto/ripemd/rmdtest.c
\ No newline at end of file
diff --git a/openssl/test/rsa_test.c b/openssl/test/rsa_test.c
index e69de29bb..aaea20d98 100644
--- a/openssl/test/rsa_test.c
+++ b/openssl/test/rsa_test.c
@@ -0,0 +1 @@
+../crypto/rsa/rsa_test.c
\ No newline at end of file
diff --git a/openssl/test/sha1test.c b/openssl/test/sha1test.c
index e69de29bb..8d66e9ee4 100644
--- a/openssl/test/sha1test.c
+++ b/openssl/test/sha1test.c
@@ -0,0 +1 @@
+../crypto/sha/sha1test.c
\ No newline at end of file
diff --git a/openssl/test/sha256t.c b/openssl/test/sha256t.c
index e69de29bb..952a50867 100644
--- a/openssl/test/sha256t.c
+++ b/openssl/test/sha256t.c
@@ -0,0 +1 @@
+../crypto/sha/sha256t.c
\ No newline at end of file
diff --git a/openssl/test/sha512t.c b/openssl/test/sha512t.c
index e69de29bb..c80d152f1 100644
--- a/openssl/test/sha512t.c
+++ b/openssl/test/sha512t.c
@@ -0,0 +1 @@
+../crypto/sha/sha512t.c
\ No newline at end of file
diff --git a/openssl/test/shatest.c b/openssl/test/shatest.c
index e69de29bb..43cfda78f 100644
--- a/openssl/test/shatest.c
+++ b/openssl/test/shatest.c
@@ -0,0 +1 @@
+../crypto/sha/shatest.c
\ No newline at end of file
diff --git a/openssl/test/ssltest.c b/openssl/test/ssltest.c
index e69de29bb..40191f0da 100644
--- a/openssl/test/ssltest.c
+++ b/openssl/test/ssltest.c
@@ -0,0 +1 @@
+../ssl/ssltest.c
\ No newline at end of file
diff --git a/openssl/test/tcrl.com b/openssl/test/tcrl.com
index 1f606eb85..dd96a2b6d 100644
--- a/openssl/test/tcrl.com
+++ b/openssl/test/tcrl.com
@@ -1,14 +1,17 @@
 $! TCRL.COM  --  Tests crl keys
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	cmd := mcr 'exe_dir'openssl crl
+$	cmd = "mcr ''exe_dir'openssl crl"
 $
-$	t := testcrl.pem
+$	t = "testcrl.pem"
 $	if p1 .nes. "" then t = p1
 $
 $	write sys$output "testing CRL conversions"
diff --git a/openssl/test/testca.com b/openssl/test/testca.com
index ec7e56dad..78cda9ec5 100644
--- a/openssl/test/testca.com
+++ b/openssl/test/testca.com
@@ -1,11 +1,13 @@
 $! TESTCA.COM
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$       if (p1 .eqs. "64") then __arch = __arch+ "_64"
 $
-$	openssl := mcr 'exe_dir'openssl
+$	openssl = "mcr ''exe_dir'openssl"
 $
 $	SSLEAY_CONFIG="-config ""CAss.cnf"""
 $
diff --git a/openssl/test/testenc.com b/openssl/test/testenc.com
index 621d9a212..75acd6f07 100644
--- a/openssl/test/testenc.com
+++ b/openssl/test/testenc.com
@@ -1,13 +1,16 @@
 $! TESTENC.COM  --  Test encoding and decoding
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p1 .eqs. 64) then __arch = __arch+ "_64"
 $
-$	testsrc := makefile.
-$	test := p.txt
-$	cmd := mcr 'exe_dir'openssl
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
+$	testsrc = "makefile."
+$	test = "p.txt"
+$	cmd = "mcr ''exe_dir'openssl"
 $
 $	if f$search(test) .nes. "" then delete 'test';*
 $	convert/fdl=sys$input: 'testsrc' 'test'
diff --git a/openssl/test/testgen.com b/openssl/test/testgen.com
index a4bc574be..e076da2f3 100644
--- a/openssl/test/testgen.com
+++ b/openssl/test/testgen.com
@@ -1,14 +1,15 @@
-$! TETSGEN.COM
+$! TESTGEN.COM
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$	if (p1 .eqs. 64) then __arch = __arch+ "_64"
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	T := testcert
+$	T = "testcert"
 $	KEY = 512
-$	CA := [-.certs]testca.pem
+$	CA = "[-.certs]testca.pem"
 $
 $	set noon
 $	if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
@@ -20,7 +21,8 @@ $	write sys$output "generating certificate request"
 $
 $	append/new nl: .rnd
 $	open/append random_file .rnd
-$	write random_file "string to make the random number generator think it has entropy"
+$	write random_file -
+	 "string to make the random number generator think it has entropy"
 $	close random_file
 $
 $	set noon
@@ -33,8 +35,10 @@ $	then
 $	    req_new="-newkey dsa:[-.apps]dsa512.pem"
 $	else
 $	    req_new="-new"
-$	    write sys$output "There should be a 2 sequences of .'s and some +'s."
-$	    write sys$output "There should not be more that at most 80 per line"
+$	    write sys$output -
+	     "There should be a 2 sequences of .'s and some +'s."
+$	    write sys$output -
+	     "There should not be more that at most 80 per line"
 $	endif
 $
 $	write sys$output "This could take some time."
diff --git a/openssl/test/tests.com b/openssl/test/tests.com
index f3193d026..373dd16ea 100644
--- a/openssl/test/tests.com
+++ b/openssl/test/tests.com
@@ -1,16 +1,32 @@
 $! TESTS.COM  --  Performs the necessary tests
 $!
 $! P1	tests to be performed.  Empty means all.
-$
+$! P2	Pointer size: "", "32", or "64".
+$!
+$! Announce/identify.
+$!
+$	proc = f$environment( "procedure")
+$	write sys$output "@@@ "+ -
+	 f$parse( proc, , , "name")+ f$parse( proc, , , "type")
+$!
 $	__proc = f$element(0,";",f$environment("procedure"))
 $	__here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
 $	__save_default = f$environment("default")
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	texe_dir := sys$disk:[-.'__arch'.exe.test]
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	__archd = __arch
+$       pointer_size = ""
+$	if (p2 .eq. "64")
+$	then
+$	  pointer_size = "64"
+$	  __archd = __arch+ "_64"
+$	endif
+$!
+$	texe_dir := sys$disk:[-.'__archd'.exe.test]
+$	exe_dir := sys$disk:[-.'__archd'.exe.apps]
 $
 $	set default '__here'
 $
@@ -76,7 +92,7 @@ $	EVPTEST :=	evp_test
 $	IGETEST :=	igetest
 $	JPAKETEST :=	jpaketest
 $	ASN1TEST :=	asn1test
-$
+$!
 $	tests_i = 0
 $ loop_tests:
 $	tests_e = f$element(tests_i,",",tests)
@@ -139,58 +155,69 @@ $ test_rand:
 $	mcr 'texe_dir''randtest'
 $	return
 $ test_enc:
-$	@testenc.com
+$	@testenc.com 'pointer_size'
 $	return
 $ test_x509:
-$	define sys$error nla0:
+$	set noon
+$	define sys$error test_x509.err
 $	write sys$output "test normal x509v1 certificate"
-$	@tx509.com
+$	@tx509.com "" 'pointer_size'
 $	write sys$output "test first x509v3 certificate"
-$	@tx509.com v3-cert1.pem
+$	@tx509.com v3-cert1.pem 'pointer_size'
 $	write sys$output "test second x509v3 certificate"
-$	@tx509.com v3-cert2.pem
+$	@tx509.com v3-cert2.pem 'pointer_size'
 $	deassign sys$error
+$	set on
 $	return
 $ test_rsa:
-$	define sys$error nla0:
-$	@trsa.com
+$	set noon
+$	define sys$error test_rsa.err
+$	@trsa.com "" 'pointer_size'
 $	deassign sys$error
 $	mcr 'texe_dir''rsatest'
+$	set on
 $	return
 $ test_crl:
-$	define sys$error nla0:
-$	@tcrl.com
+$	set noon
+$	define sys$error test_crl.err
+$	@tcrl.com "" 'pointer_size'
 $	deassign sys$error
+$	set on
 $	return
 $ test_sid:
-$	define sys$error nla0:
-$	@tsid.com
+$	set noon
+$	define sys$error test_sid.err
+$	@tsid.com "" 'pointer_size'
 $	deassign sys$error
+$	set on
 $	return
 $ test_req:
-$	define sys$error nla0:
-$	@treq.com
-$	@treq.com testreq2.pem
+$	set noon
+$	define sys$error test_req.err
+$	@treq.com "" 'pointer_size'
+$	@treq.com testreq2.pem 'pointer_size'
 $	deassign sys$error
+$	set on
 $	return
 $ test_pkcs7:
-$	define sys$error nla0:
-$	@tpkcs7.com
-$	@tpkcs7d.com
+$	set noon
+$	define sys$error test_pkcs7.err
+$	@tpkcs7.com "" 'pointer_size'
+$	@tpkcs7d.com "" 'pointer_size'
 $	deassign sys$error
+$	set on
 $	return
 $ test_bn:
 $	write sys$output -
 	      "starting big number library test, could take a while..."
 $	set noon
-$	define sys$error nl:
-$	define sys$output nl:
+$	define sys$error test_bn.err
+$	define sys$output test_bn.out
 $	@ bctest.com
 $	status = $status
 $	deassign sys$error
 $	deassign sys$output
-$	on control_y then goto exit
-$	on error then goto exit
+$	set on
 $	if (status)
 $	then
 $	    create /fdl = sys$input bntest-vms.tmp
@@ -219,7 +246,7 @@ RECORD
 $	    open /append bntest_file bntest-vms.sh
 $	    type /output = bntest_file sys$input:
 << __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"'
-$	    define/user sys$output bntest-vms.tmp
+$	    define /user_mode sys$output bntest-vms.tmp
 $	    mcr 'texe_dir''bntest'
 $	    copy bntest-vms.tmp bntest_file
 $	    delete bntest-vms.tmp;*
@@ -249,7 +276,7 @@ $	return
 $ test_verify:
 $	write sys$output "The following command should have some OK's and some failures"
 $	write sys$output "There are definitly a few expired certificates"
-$	@tverify.com
+$	@tverify.com 'pointer_size'
 $	return
 $ test_dh:
 $	write sys$output "Generate a set of DH parameters"
@@ -261,7 +288,7 @@ $	mcr 'texe_dir''dsatest'
 $	return
 $ test_gen:
 $	write sys$output "Generate and verify a certificate request"
-$	@testgen.com
+$	@testgen.com 'pointer_size'
 $	return
 $ maybe_test_ss:
 $	testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT"))
@@ -274,7 +301,7 @@ $	if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then -
 $	return
 $ test_ss:
 $	write sys$output "Generate and certify a test certificate"
-$	@testss.com
+$	@testss.com 'pointer_size'
 $	return
 $ test_engine: 
 $	write sys$output "Manipulate the ENGINE structures"
@@ -283,11 +310,11 @@ $	return
 $ test_ssl:
 $	write sys$output "test SSL protocol"
 $	gosub maybe_test_ss
-$	@testssl.com keyU.ss certU.ss certCA.ss
+$	@testssl.com keyU.ss certU.ss certCA.ss 'pointer_size'
 $	return
 $ test_ca:
 $	set noon
-$	define/user sys$output nla0:
+$	define /user_mode sys$output test_ca.out
 $	mcr 'exe_dir'openssl no-rsa
 $	save_severity=$SEVERITY
 $	set on
@@ -296,7 +323,7 @@ $	then
 $	    write sys$output "skipping CA.com test -- requires RSA"
 $	else
 $	    write sys$output "Generate and certify a test certificate via the 'ca' program"
-$	    @testca.com
+$	    @testca.com 'pointer_size'
 $	endif
 $	return
 $ test_aes: 
@@ -305,7 +332,7 @@ $!	!mcr 'texe_dir''aestest'
 $	return
 $ test_tsa:
 $	set noon
-$	define/user sys$output nla0:
+$	define /user_mode sys$output nla0:
 $	mcr 'exe_dir'openssl no-rsa
 $	save_severity=$SEVERITY
 $	set on
@@ -313,7 +340,7 @@ $	if save_severity
 $	then
 $	    write sys$output "skipping testtsa.com test -- requires RSA"
 $	else
-$	    @testtsa.com
+$	    @testtsa.com "" "" "" 'pointer_size'
 $	endif
 $	return
 $ test_ige: 
@@ -326,8 +353,8 @@ $	mcr 'texe_dir''jpaketest'
 $	return
 $ test_cms:
 $	write sys$output "CMS consistency test"
-$	! The following makes perl include the DCL symbol table in the env.
-$	define/user perl_env_tables clisym_local,lnm$file_dev,ctrl_env
+$	! Define the logical name used to find openssl.exe in the perl script.
+$	define /user_mode osslx 'exe_dir'
 $	perl CMS-TEST.PL
 $	return
 $
diff --git a/openssl/test/testss.com b/openssl/test/testss.com
index 6598106b0..32a74d0fc 100644
--- a/openssl/test/testss.com
+++ b/openssl/test/testss.com
@@ -1,16 +1,19 @@
 $! TESTSS.COM
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p1 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
 $	digest="-md5"
-$	reqcmd := mcr 'exe_dir'openssl req
-$	x509cmd := mcr 'exe_dir'openssl x509 'digest'
-$	verifycmd := mcr 'exe_dir'openssl verify
-$	dummycnf := sys$disk:[-.apps]openssl-vms.cnf
+$	reqcmd = "mcr ''exe_dir'openssl req"
+$	x509cmd = "mcr ''exe_dir'openssl x509 ''digest'"
+$	verifycmd = "mcr ''exe_dir'openssl verify"
+$	dummycnf = "sys$disk:[-.apps]openssl-vms.cnf"
 $
 $	CAkey="""keyCA.ss"""
 $	CAcert="""certCA.ss"""
diff --git a/openssl/test/testssl.com b/openssl/test/testssl.com
index 88580291f..f19edc471 100644
--- a/openssl/test/testssl.com
+++ b/openssl/test/testssl.com
@@ -1,11 +1,14 @@
 $! TESTSSL.COM
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	texe_dir := sys$disk:[-.'__arch'.exe.test]
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p4 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	texe_dir = "sys$disk:[-.''__arch'.exe.test]"
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
 $	if p1 .eqs. ""
 $	then
@@ -19,8 +22,9 @@ $	    cert="[-.apps]server.pem"
 $	else
 $	    cert=p2
 $	endif
-$	ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
-$
+$	ssltest = "mcr ''texe_dir'ssltest -key ''key'"+ -
+	 " -cert ''cert' -c_key ''key' -c_cert ''cert'"
+$!
 $	set noon
 $	define/user sys$output testssl-x509-output.
 $	define/user sys$error nla0:
@@ -29,9 +33,9 @@ $	define/user sys$error nla0:
 $	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
 $	if $severity .eq. 1
 $	then
-$	    dsa_cert := YES
+$	    dsa_cert = "YES"
 $	else
-$	    dsa_cert := NO
+$	    dsa_cert = "NO"
 $	endif
 $	delete testssl-x509-output.;*
 $
diff --git a/openssl/test/testtsa.com b/openssl/test/testtsa.com
index 2ca1adac5..29fb1d0e6 100644
--- a/openssl/test/testtsa.com
+++ b/openssl/test/testtsa.com
@@ -2,14 +2,17 @@ $!
 $! A few very basic tests for the 'ts' time stamping authority command.
 $!
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p4 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	openssl := mcr 'f$parse(exe_dir+"openssl.exe")'
-$	OPENSSL_CONF := [-]CAtsa.cnf
+$	openssl = "mcr ''f$parse(exe_dir+"openssl.exe")'"
+$	OPENSSL_CONF = "[-]CAtsa.cnf"
 $	! Because that's what ../apps/CA.sh really looks at
 $	SSLEAY_CONFIG = "-config " + OPENSSL_CONF
 $
@@ -114,8 +117,8 @@ $
 $ time_stamp_response_token_test:
 $	subroutine
 $
-$		RESPONSE2:='p2'.copy_tsr
-$		TOKEN_DER:='p2'.token_der
+$		RESPONSE2 = p2+ "-copy_tsr"
+$		TOKEN_DER = p2+ "-token_der"
 $		openssl ts -reply -in 'p2' -out 'TOKEN_DER' -token_out
 $		if $severity .ne. 1 then call error
 $		openssl ts -reply -in 'TOKEN_DER' -token_in -out 'RESPONSE2'
@@ -145,13 +148,13 @@ $ verify_time_stamp_token:
 $	subroutine
 $
 $		! create the token from the response first
-$		openssl ts -reply -in 'p2' -out 'p2'.token -token_out
+$		openssl ts -reply -in "''p2'" -out "''p2'-token" -token_out
 $		if $severity .ne. 1 then call error
-$		openssl ts -verify -queryfile 'p1' -in 'p2'.token -token_in -
-			"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$		openssl ts -verify -queryfile "''p1'" -in "''p2'-token" -
+		 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
 $		if $severity .ne. 1 then call error
-$		openssl ts -verify -data 'p3' -in 'p2'.token -token_in -
-			"-CAfile" tsaca.pem -untrusted tsa_cert1.pem
+$		openssl ts -verify -data "''p3'" -in "''p2'-token" -
+		 -token_in "-CAfile" tsaca.pem -untrusted tsa_cert1.pem
 $		if $severity .ne. 1 then call error
 $	endsubroutine
 $
@@ -185,64 +188,64 @@ $	write sys$output "Creating req1.req time stamp request for file testtsa..."
 $	call create_time_stamp_request1
 $
 $	write sys$output "Printing req1.req..."
-$	call print_request req1.tsq
+$	call print_request "req1.tsq"
 $
 $	write sys$output "Generating valid response for req1.req..."
-$	call create_time_stamp_response req1.tsq resp1.tsr tsa_config1
+$	call create_time_stamp_response "req1.tsq" "resp1.tsr" "tsa_config1"
 $
 $	write sys$output "Printing response..."
-$	call print_response resp1.tsr
+$	call print_response "resp1.tsr"
 $
 $	write sys$output "Verifying valid response..."
-$	call verify_time_stamp_response req1.tsq resp1.tsr [-]testtsa.com
+$	call verify_time_stamp_response "req1.tsq" "resp1.tsr" "[-]testtsa.com"
 $
 $	write sys$output "Verifying valid token..."
-$	call verify_time_stamp_token req1.tsq resp1.tsr [-]testtsa.com
+$	call verify_time_stamp_token "req1.tsq" "resp1.tsr" "[-]testtsa.com"
 $
 $	! The tests below are commented out, because invalid signer certificates
 $	! can no longer be specified in the config file.
 $
 $	! write sys$output "Generating _invalid_ response for req1.req..."
-$	! call create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
+$	! call create_time_stamp_response "req1.tsq" "resp1_bad.tsr" "tsa_config2"
 $
 $	! write sys$output "Printing response..."
-$	! call print_response resp1_bad.tsr
+$	! call print_response "resp1_bad.tsr"
 $
 $	! write sys$output "Verifying invalid response, it should fail..."
-$	! call verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
+$	! call verify_time_stamp_response_fail "req1.tsq" "resp1_bad.tsr"
 $
 $	write sys$output "Creating req2.req time stamp request for file testtsa..."
 $	call create_time_stamp_request2
 $
 $	write sys$output "Printing req2.req..."
-$	call print_request req2.tsq
+$	call print_request "req2.tsq"
 $
 $	write sys$output "Generating valid response for req2.req..."
-$	call create_time_stamp_response req2.tsq resp2.tsr tsa_config1
+$	call create_time_stamp_response "req2.tsq" "resp2.tsr" "tsa_config1"
 $
 $	write sys$output "Checking '-token_in' and '-token_out' options with '-reply'..."
-$	call time_stamp_response_token_test req2.tsq resp2.tsr
+$	call time_stamp_response_token_test "req2.tsq" "resp2.tsr"
 $
 $	write sys$output "Printing response..."
-$	call print_response resp2.tsr
+$	call print_response "resp2.tsr"
 $
 $	write sys$output "Verifying valid response..."
-$	call verify_time_stamp_response req2.tsq resp2.tsr [-]testtsa.com
+$	call verify_time_stamp_response "req2.tsq" "resp2.tsr" "[-]testtsa.com"
 $
 $	write sys$output "Verifying response against wrong request, it should fail..."
-$	call verify_time_stamp_response_fail req1.tsq resp2.tsr
+$	call verify_time_stamp_response_fail "req1.tsq" "resp2.tsr"
 $
 $	write sys$output "Verifying response against wrong request, it should fail..."
-$	call verify_time_stamp_response_fail req2.tsq resp1.tsr
+$	call verify_time_stamp_response_fail "req2.tsq" "resp1.tsr"
 $
 $	write sys$output "Creating req3.req time stamp request for file CAtsa.cnf..."
 $	call create_time_stamp_request3
 $
 $	write sys$output "Printing req3.req..."
-$	call print_request req3.tsq
+$	call print_request "req3.tsq"
 $
 $	write sys$output "Verifying response against wrong request, it should fail..."
-$	call verify_time_stamp_response_fail req3.tsq resp1.tsr
+$	call verify_time_stamp_response_fail "req3.tsq" "resp1.tsr"
 $
 $	write sys$output "Cleaning up..."
 $	call clean_up_dir
diff --git a/openssl/test/tpkcs7.com b/openssl/test/tpkcs7.com
index e107cc141..3fc4982bb 100644
--- a/openssl/test/tpkcs7.com
+++ b/openssl/test/tpkcs7.com
@@ -1,14 +1,17 @@
 $! TPKCS7.COM  --  Tests pkcs7 keys
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	cmd := mcr 'exe_dir'openssl pkcs7
+$	cmd = "mcr ''exe_dir'openssl pkcs7"
 $
-$	t := testp7.pem
+$	t = "testp7.pem"
 $	if p1 .nes. "" then t = p1
 $
 $	write sys$output "testing PKCS7 conversions"
diff --git a/openssl/test/tpkcs7d.com b/openssl/test/tpkcs7d.com
index 5ff653cce..eea8c888e 100644
--- a/openssl/test/tpkcs7d.com
+++ b/openssl/test/tpkcs7d.com
@@ -1,14 +1,17 @@
 $! TPKCS7.COM  --  Tests pkcs7 keys
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	cmd := mcr 'exe_dir'openssl pkcs7
+$	cmd = "mcr ''exe_dir'openssl pkcs7"
 $
-$	t := pkcs7-1.pem
+$	t = "pkcs7-1.pem"
 $	if p1 .nes. "" then t = p1
 $
 $	write sys$output "testing PKCS7 conversions (2)"
diff --git a/openssl/test/treq.com b/openssl/test/treq.com
index d2594be6a..acf08b79e 100644
--- a/openssl/test/treq.com
+++ b/openssl/test/treq.com
@@ -1,14 +1,17 @@
 $! TREQ.COM  --  Tests req keys
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf
+$	cmd = "mcr ''exe_dir'openssl req -config [-.apps]openssl-vms.cnf"
 $
-$	t := testreq.pem
+$	t = "testreq.pem"
 $	if p1 .nes. "" then t = p1
 $
 $	write sys$output "testing req conversions"
diff --git a/openssl/test/trsa.com b/openssl/test/trsa.com
index d3a8a605b..54180843e 100644
--- a/openssl/test/trsa.com
+++ b/openssl/test/trsa.com
@@ -1,10 +1,13 @@
 $! TRSA.COM  --  Tests rsa keys
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
 $	set noon
 $	define/user sys$output nla0:
@@ -17,9 +20,9 @@ $	    write sys$output "skipping RSA conversion test"
 $	    exit
 $	endif
 $
-$	cmd := mcr 'exe_dir'openssl rsa
+$	cmd = "mcr ''exe_dir'openssl rsa"
 $
-$	t := testrsa.pem
+$	t = "testrsa.pem"
 $	if p1 .nes. "" then t = p1
 $
 $	write sys$output "testing RSA conversions"
diff --git a/openssl/test/tsid.com b/openssl/test/tsid.com
index 267ace113..b6c4e4947 100644
--- a/openssl/test/tsid.com
+++ b/openssl/test/tsid.com
@@ -1,14 +1,17 @@
 $! TSID.COM  --  Tests sid keys
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	cmd := mcr 'exe_dir'openssl sess_id
+$	cmd = "mcr ''exe_dir'openssl sess_id"
 $
-$	t := testsid.pem
+$	t = "testsid.pem"
 $	if p1 .nes. "" then t = p1
 $
 $	write sys$output "testing session-id conversions"
diff --git a/openssl/test/tverify.com b/openssl/test/tverify.com
index 01431f4aa..d88834463 100644
--- a/openssl/test/tverify.com
+++ b/openssl/test/tverify.com
@@ -1,13 +1,15 @@
 $! TVERIFY.COM
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p1 .eqs. "64") then __arch = __arch+ "_64"
 $!
 $	line_max = 255 ! Could be longer on modern non-VAX.
 $	temp_file_name = "certs_"+ f$getjpi( "", "PID")+ ".tmp"
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $	cmd = "mcr ''exe_dir'openssl verify ""-CAfile"" ''temp_file_name'"
 $	cmd_len = f$length( cmd)
 $	pems = "[-.certs...]*.pem"
@@ -19,7 +21,7 @@ $!
 $!	Loop through all the certificate files.
 $!
 $	args = ""
-$	old_f :=
+$	old_f = ""
 $ loop_file: 
 $	    f = f$search( pems)
 $	    if ((f .nes. "") .and. (f .nes. old_f))
diff --git a/openssl/test/tx509.com b/openssl/test/tx509.com
index 399eb0149..93ce988b4 100644
--- a/openssl/test/tx509.com
+++ b/openssl/test/tx509.com
@@ -1,14 +1,17 @@
 $! TX509.COM  --  Tests x509 certificates
 $
-$	__arch := VAX
+$	__arch = "VAX"
 $	if f$getsyi("cpu") .ge. 128 then -
 	   __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE")
-$	if __arch .eqs. "" then __arch := UNK
-$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$	if __arch .eqs. "" then __arch = "UNK"
+$!
+$	if (p2 .eqs. "64") then __arch = __arch+ "_64"
+$!
+$	exe_dir = "sys$disk:[-.''__arch'.exe.apps]"
 $
-$	cmd := mcr 'exe_dir'openssl x509
+$	cmd = "mcr ''exe_dir'openssl x509"
 $
-$	t := testx509.pem
+$	t = "testx509.pem"
 $	if p1 .nes. "" then t = p1
 $
 $	write sys$output "testing X509 conversions"
diff --git a/openssl/test/wp_test.c b/openssl/test/wp_test.c
index e69de29bb..81b2021f3 100644
--- a/openssl/test/wp_test.c
+++ b/openssl/test/wp_test.c
@@ -0,0 +1 @@
+../crypto/whrlpool/wp_test.c
\ No newline at end of file
diff --git a/openssl/util/libeay.num b/openssl/util/libeay.num
index 08808fec5..b23619f20 100644
--- a/openssl/util/libeay.num
+++ b/openssl/util/libeay.num
@@ -4189,3 +4189,8 @@ CRYPTO_cts128_encrypt_block             4560	EXIST::FUNCTION:
 CRYPTO_cbc128_decrypt                   4561	EXIST::FUNCTION:
 CRYPTO_cfb128_encrypt                   4562	EXIST::FUNCTION:
 CRYPTO_cfb128_8_encrypt                 4563	EXIST::FUNCTION:
+OPENSSL_strcasecmp                      4564	EXIST::FUNCTION:
+OPENSSL_memcmp                          4565	EXIST::FUNCTION:
+OPENSSL_strncasecmp                     4566	EXIST::FUNCTION:
+OPENSSL_gmtime                          4567	EXIST::FUNCTION:
+OPENSSL_gmtime_adj                      4568	EXIST::FUNCTION:
diff --git a/openssl/util/mkdef.pl b/openssl/util/mkdef.pl
index 40ed2ddeb..ab4732909 100644
--- a/openssl/util/mkdef.pl
+++ b/openssl/util/mkdef.pl
@@ -257,6 +257,8 @@ $ssl.=" ssl/tls1.h";
 
 my $crypto ="crypto/crypto.h";
 $crypto.=" crypto/o_dir.h";
+$crypto.=" crypto/o_str.h";
+$crypto.=" crypto/o_time.h";
 $crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
 $crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
 $crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
diff --git a/openssl/util/mkerr.pl b/openssl/util/mkerr.pl
index d8ea43a5d..2c99467d3 100644
--- a/openssl/util/mkerr.pl
+++ b/openssl/util/mkerr.pl
@@ -576,7 +576,7 @@ EOF
 	print OUT <<"EOF";
 /* $cfile */
 /* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
-- 
cgit v1.2.3